Ping a Specific Port

Question

longneck

Asked: 2011-09-17 09:52:38 +0800 CST2011-09-17 09:52:38 +0800 CST 2011-09-17 09:52:38 +0800 CST

"All IKE SA proposals found unacceptable!", but what was proposed?

772

I'm trying to get VPN working between various devices and a Cisco ASA 5520 running 7.2(1). When trying to connect with a Mac running OX X 10.5.8, I keep getting this error: On the ASA it says:

Sep 16 13:44:02 [IKEv1 DEBUG]: Group = <redacted>, IP = <redacted>, All SA proposals found unacceptable
Sep 16 13:44:02 [IKEv1]: IP = <redacted>, All IKE SA proposals found unacceptable!

How can I tell what the Mac is asking for that the ASA will not provide?

1 Answers

Voted

paulos · Answer 1 · 2011-09-20T03:07:02+08:00

Best Answer

paulos

2011-09-20T03:07:02+08:002011-09-20T03:07:02+08:00

I don't think there is a way to see what proposal an incoming device attempted. Even 'debug isakmp 99' on the ASA will not reveal this. However I believe the default phase 1 settings for Apple devices would be 3DES/SHA-1/DH2, so on your ASA you would need to configure something similar to...

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

and you'll need to enable nat-t if you haven't already:

crypto isakmp nat-traversal 3600

This document on the Cisco website covers L2Tp over IPSEC and has a little section on iPhone and MAC OS X compatibility

3

"All IKE SA proposals found unacceptable!", but what was proposed?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?