[Vpn-help] Cisco VPN Concentrator 3000 Series
Matthew Grooms
mgrooms at shrew.net
Fri Nov 6 10:23:08 CST 2009
Wood, Jeremy wrote:
> Please let me know if any more detail is needed.
>
Jeremy,
The gateway doesn't send a notification before the delete. This makes it
almost impossible to guess as to why the phase1 SA was deleted. However,
the delete does come after the phase2 proposal is sent. That would lead
me to believe that your gateway doesn't like the phase2 proposal and
sends a phase1 delete to kill the connection as a result.
Try playing with the PFS options. You can also try setting the cipher
and authentication algorithms to an exact match that you know to work.
Hope this helps,
-Matthew
More information about the vpn-help
mailing list