[vpn-help] Unable to negotiate phase 1 parameters with Cisco 2611
Matthew Grooms
mgrooms at shrew.net
Sun Mar 14 22:02:06 CDT 2010
On 3/14/2010 11:33 AM, Nikolaj Griscenko wrote:
> Hello,
>
> I can‘t establish an IPSec session between WinXP shrewsoft client 2.1.5
> and Cisco 2611 (12.4-1a IOS). Unable to negotiate phase 1 pre-shared key
> authentication parameter. I configured Cisco to use isakmp client
> configuration group „VPN“ and dynamic ipsec tunnels. Phase 1 parameters are:
>
> Encryption: 3des
> DH Group: 2
> Hash: md5
> Authentication: pre-shared key
>
> Lifetime: 28800 s
>
...
>
> I also tried configuring shrewsoft without specifying a VPN group
> parameter, and it passed the phase 1 successfully, but could not pass
> phase 2. Is it something wrong with Cisco or Client config?
>
You will have to forgive me. Once upon a time I managed a lot of Cisco
gear but these days my IOS is a bit rusty :) Maybe this document could help?
http://www.fredshack.com/docs/vpnios.html
You basically want to configure the router in the same manner you would
for the Cisco VPN client and then use the appropriate settings on the
Shrew client. However, those settings entirely depend on how the router
is configured and I don't have an IOS device in my lab to provide test
samples or configurations with. If you are unsure of the settings, you
can start with the Cisco VPN Client and a Cisco document, then export
the PCF and import it into the Shrew Soft client.
Hope this helps,
-Matthew
More information about the vpn-help
mailing list