[Vpn-help] Cisco VPN Concentrator 3000 Series
    Matthew Grooms 
    mgrooms at shrew.net
       
    Fri Nov  6 10:23:08 CST 2009
    
    
  
Wood, Jeremy wrote:
> Please let me know if any more detail is needed.
> 
Jeremy,
The gateway doesn't send a notification before the delete. This makes it 
almost impossible to guess as to why the phase1 SA was deleted. However, 
the delete does come after the phase2 proposal is sent. That would lead 
me to believe that your gateway doesn't like the phase2 proposal and 
sends a phase1 delete to kill the connection as a result.
Try playing with the PFS options. You can also try setting the cipher 
and authentication algorithms to an exact match that you know to work.
Hope this helps,
-Matthew
    
    
More information about the vpn-help
mailing list