1 2 Previous Next 15 Replies Latest reply: Mar 19, 2012 7:15 AM by Keith Barker - CCIE RS/Security, CISSP Go to original post RSS
      • 15. Re: DMVPN SET UP PROBLEM
        Keith Barker - CCIE RS/Security, CISSP

        Cristian wrote:


        In my version of IOS, after completing the set-up of the IPSEC profile with a default transform set, the command:


        show crypto ipsec profile


        gave me the following:


        IPSEC profile NNNNN

                  Security association lifetime: 4608000 kilobytes/3600 seconds

                  PFS (Y/N): N

                  Transform sets={



        Now, I wonder if this means "absence of a valid transform-set" or simply "use an (implicit) default trasnform-set".

        I am more for the first option, however the official cert guide says that creating a new ipsec profile is enough.

        Official documentation on Cisco.com makes you create a transform-set.


        Probably an issue of IOS version, I don't know.


        From now on, I will declare a transform-set.




        Hope to be helpful.






        I think the output reflects that there isn't a transform set, and that you need to create and assign one for the IKE phase 2 to work.  


        Keep up the good work.


        Best wishes,



        1 2 Previous Next