Skip navigation
Cisco Learning Home > CCNP Security Study Group > Discussions
1399 Views 15 Replies Latest reply: Mar 19, 2012 7:15 AM by Keith Barker - CCIE RS/Security, CISSP RSS Go to original post 1 2 Previous Next

Currently Being Moderated
  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    Currently Being Moderated
    15. Mar 19, 2012 7:15 AM (in response to Cristian)
    Re: DMVPN SET UP PROBLEM

    Cristian wrote:

     

    In my version of IOS, after completing the set-up of the IPSEC profile with a default transform set, the command:

     

    show crypto ipsec profile

     

    gave me the following:

     

    IPSEC profile NNNNN

              Security association lifetime: 4608000 kilobytes/3600 seconds

              PFS (Y/N): N

              Transform sets={

              }

     

    Now, I wonder if this means "absence of a valid transform-set" or simply "use an (implicit) default trasnform-set".

    I am more for the first option, however the official cert guide says that creating a new ipsec profile is enough.

    Official documentation on Cisco.com makes you create a transform-set.

     

    Probably an issue of IOS version, I don't know.

     

    From now on, I will declare a transform-set.

     

     

     

    Hope to be helpful.

     

     

    Cristian

     

     

    I think the output reflects that there isn't a transform set, and that you need to create and assign one for the IKE phase 2 to work.  

     

    Keep up the good work.

     

    Best wishes,

     

    Keith

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)