[Vpn-help] Cisco VPN Concentrator 3000 Series

Matthew Grooms mgrooms at shrew.net
Fri Nov 6 10:23:08 CST 2009


Wood, Jeremy wrote:
> Please let me know if any more detail is needed.
> 

Jeremy,

The gateway doesn't send a notification before the delete. This makes it 
almost impossible to guess as to why the phase1 SA was deleted. However, 
the delete does come after the phase2 proposal is sent. That would lead 
me to believe that your gateway doesn't like the phase2 proposal and 
sends a phase1 delete to kill the connection as a result.

Try playing with the PFS options. You can also try setting the cipher 
and authentication algorithms to an exact match that you know to work.

Hope this helps,

-Matthew



More information about the vpn-help mailing list