Attempting to allow a customer with a 7000 series router into our PIX via VPN.
I can get the VPN to work fine if I remove all restrictions on both inbound and outbound addresses. However, as soon as I add a restriction on either interface, to permit access to or from a specific IP address or subnet, the connection breaks altogether.
The following appears in the console log:
ISAKMP: IPSec policy invalidated proposal
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 3
return status is IKMP_ERR_NO_RETRANS
crypto_isakmp_process_block:src:x.x.x.x, dest:y.y.y.y spt:500 dpt:500
Any ideas?