1 2 Previous Next 15 Replies Latest reply: Mar 19, 2012 7:15 AM by Keith Barker - CCIE RS/Security, CISSP Go to original post RSS
      • 15. Re: DMVPN SET UP PROBLEM
        Keith Barker - CCIE RS/Security, CISSP

        Cristian wrote:

         

        In my version of IOS, after completing the set-up of the IPSEC profile with a default transform set, the command:

         

        show crypto ipsec profile

         

        gave me the following:

         

        IPSEC profile NNNNN

                  Security association lifetime: 4608000 kilobytes/3600 seconds

                  PFS (Y/N): N

                  Transform sets={

                  }

         

        Now, I wonder if this means "absence of a valid transform-set" or simply "use an (implicit) default trasnform-set".

        I am more for the first option, however the official cert guide says that creating a new ipsec profile is enough.

        Official documentation on Cisco.com makes you create a transform-set.

         

        Probably an issue of IOS version, I don't know.

         

        From now on, I will declare a transform-set.

         

         

         

        Hope to be helpful.

         

         

        Cristian

         

         

        I think the output reflects that there isn't a transform set, and that you need to create and assign one for the IKE phase 2 to work.  

         

        Keep up the good work.

         

        Best wishes,

         

        Keith

        1 2 Previous Next