I had quite a bit of trouble getting this to work the other day. After some googling I came across this thread over on 6200networks.com. I had matched up the config he had listed just by chance because I was also enabling an L2L VPN. However, I still couldn’t get it to work. The trick was to change the IPSEC transform set to AES-256. After that it was smooth sailing. I posted a comment over there but he hasn’t approved it yet.
I’ve discovered ISAKMP profiles too. Very cool!
#1 by ndouba on February 10, 2009 - 4:00 pm
What were the changes you performed exactly? Did you change the encryption entry and the transform set?
#2 by scott on February 11, 2009 - 12:37 pm
Simply changed the transform set to AES-256. He posted a follow up on 6200 and it might have been more related to the ver of IOS I was running, oddly enough.
#3 by Bill Taney on May 4, 2010 - 4:28 pm
For some reason it never get’s past
May 4 16:23:40.382 CST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 166.137.143.134
#4 by scott on May 5, 2010 - 10:38 am
I’m going to put up a new post about it. Full config included…