Remote span between Extreme and Cisco switches

Hello,
I need to configure remote span between Extreme Networks X460-24p and Cisco Catalyst 2960X switches. 2 IP phones are connected to ports 15 and 17 on Extreme switch, and should be monitored to port 1/0/47 on Cisco switch. Extreme and Cisco switches are interconnected with trunk (port 28 on Extreme with port 1/0/51 on Cisco).
I configured the following:
On Extreme switch:
configure mirror mode enhanced
enable mirroring to port 28 remote-tag 1000
configure mirroring add port 17 ingress-and-egress
configure mirroring add port 15 ingress-and-egress
On Cisco switch:
vlan 1000
 name RemoteSPAN
 remote-span
monitor session 1 destination interface Gi1/0/47
monitor session 1 source remote vlan 1000
But this is not working :(
Does anyone have experience with this? I really need help to make this work.
Thanks.

OK, this configuration is actually working :)

Similar Messages

  • IPSEC between Fortinet and Cisco SA540

    Hi,
    We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not established. Can you help me out to resolve the issue?
    Regards,
    Satish.

    Hello Venkatasatish,
    I'm going to send you an example of VPN between Cisco ASA 8.2 version and Fortigate mr4.
    In my example I'm going to use the following environments:
    Cisco ASA "Zones"
    Inside: 192.168.1.0/24     "Asa inside interface Ip address 192.168.1.1"
    Outside: 200.200.200.0/29  "Asa outside interface Ip address 200.200.200.1"
    Fortigate "Zones"
    inside: 172.16.1.0/24     "Asa inside interface Ip address 172.16.1.1"
    outside: 201.201.201.0/29  "Asa outside interface Ip address 201.201.201.1"
    =================================> VPN Script of ASA <=================================
    access-list inside_access_in remark Firewall rule from ASA to Fortigate
    access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 log notifications
    access-group inside_access_in in interface inside
    access-list VPN_NONAT remark Nonat to VPN traffic over VPN
    access-list VPN_NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    access-list CryptoMap_ASA_to_Fortigate remark VPN Site-to-Site to Fortigate Site
    access-list CryptoMap_ASA_to_Fortigate extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    nat (inside) 0 access-list VPN_NONAT
    crypto isakmp enable outside
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map OUTSIDE_map 1 match address CryptoMap_ASA_to_Fortigate
    crypto map OUTSIDE_map 1 set peer 201.201.201.1
    crypto map OUTSIDE_map 1 set transform-set ESP-3DES-SHA
    crypto map OUTSIDE_map 1 set security-association lifetime seconds 3600
    crypto map OUTSIDE_map interface outside
    group-policy GP_TO_FORTIGATE internal
    group-policy GP_TO_FORTIGATE attributes
    vpn-idle-timeout none
    vpn-tunnel-protocol IPSec
    tunnel-group 201.201.201.1 type ipsec-l2l
    tunnel-group 201.201.201.1 general-attributes
    default-group-policy GP_TO_FORTIGATE
    tunnel-group 201.201.201.1 ipsec-attributes
    pre-shared-key cisco123
    =================================> VPN Script for Fortigate ==============================
    Phase 1:
    FORTIGATE# config vpn ipsec phase1-interface  "enter"
    FORTIGATE (phase1-interface) # edit 200.200.200.1 "enter"
            set interface "outside"
            set keylife 86400
            set mode main
            set dhgrp 2
            set proposal 3des-sha1
            set remote-gw 200.200.200.1
            set psksecret ENC cisco123
            next "to apply the configuration"
    Phase 2
    FORTIGATE# config vpn ipsec phase2-interface
        edit 200.200.200.1
            set keepalive enable
            set pfs disable
            set phase1name "200.200.200.1"
            set proposal 3des-sha1
            set dst-subnet 192.168.1.0 255.255.255.0
            set keylifeseconds 3600
            set src-subnet 172.16.1.0 255.255.255.0
            next "to apply the configuration"
    Config route to VPN: I am using 100 entry, you need to take a look at your firewall.
    FORTIGATE# config router static "enter"
    FORTIGATE (static) # edit 100 "enter"
    FORTIGATE (100) #  set device "200.200.200.1"
                       set distance 1
                       set dst 192.168.1.0 255.255.255.0
    Create a Rule: in my example I'm using any to any over VPN, but you can filter based on network environments.
    FORTIGATE # config firewall policy "enter"
    FORTIGATE (policy) # edit 100 "enter"
    config firewall policy
        edit 100
            set srcintf "200.200.200.1"
            set dstintf "inside"
                set srcaddr "all"            
                set dstaddr "all"            
            set action accept
            set schedule "always"
                set service "ANY"            
            set logtraffic enable
            set comments "Access from VPN ASA site"
    FORTIGATE (policy) # edit 101 "enter"
    config firewall policy
        edit 101
            set srcintf "inside"
            set dstintf "200.200.200.1"
                set srcaddr "all"            
                set dstaddr "all"            
            set action accept
            set schedule "always"
                set service "ANY"            
            set logtraffic enable
            set comments "Access to VPN ASA Site"
    After that, please start a traffic between private network, 192.168.1.0 and 172.16.1.0/24.
    Please let me know about it!
    Good luck.
    Fabio Jorge Amorim

  • IPSec ikev2 between ASA and Cisco Router

    Hi,
    I am trying to do IPSec with ikev2 (SHA2) between ASA and Cisco Router, without success. Can anyone help me?
    - Remote site (Router) with dynamic public IP -> Dynamic crypto map on the ASA
    - Authentication with Certificates
    - integrity sha2
    I try a lot of configurations without success.
    Thanks for your help.
    Mic

    The more secure ike policy should have the higher priority which is a smaller number. So I would configure there the following way (policy 30 only if really needed):
    crypto ikev1 policy 10
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28800
    crypto ikev1 policy 20
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 28800
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 43200
    The Cisco VPN Client is EOL and not supported any longer. And yes, by default DH group 2 is used. But that can be configured by a parameter in the PCF-file.
    There are two (three) better options:
    Best option with very little needed configuration:
    Move to AnyConnect with TLS. AnyConnect is the actual Cisco client that is also supported with Windows 8.x. The legacy IPsec client isn't.
    Best option with a little stronger crypto but more configuration:
    Move to AnyConnect with IPsec/IKEv2. 
    Move to a third-party client like shrew.net. I didn't use that client since a couple of years any more, but it's quite flexible and also has a config for a better DH-group.
    For option 1) and 2) there is an extra license needed, but that's not very expensive.

  • How to create multiple sip trunks between cucm and cisco unified sip proxy

    Dear Expert,
    Is there a way to create multiple sip trunks between CUCM and Cisco Unified SIP Proxy (CUSP)? How to achieve it without creating multiple IP interfaces on the CUSP module.
    CUCM: 8.5.1.10000-9
    CUSP: 8.5.2
    Thank you,
    .wan

    Hello Michael,
    This SIP trunk is part of UCCE solution, which used between CVP, CUSP, and CUCM.
    The requirements:
    1) To have different codecs for different type of calls, as the phones are at few countries
    2) To pass different number of digits from CUSP to CUCM for different call treatments
    .wan

  • ARD and Cisco switches (multicast storm issue)?

    We had Cisco bring in an engineer to look into our problem where ARD stalls/fails to push packages or pull reports (etc.). We never have a problem remotely controlling computers.
    They told us "Multicast" needs to be on at every switch that has Macs connected. In one environment all Macs are on the 10.100.9.xx subnet, and Macs are at different locations. All the switches these dot-9 subnet Macs are connected to need "Multicast" turned on.
    I've read numerous threads regarding how Macs drift in and out and ARD is not able to do what it's advertised to do. Has anyone run into this issue where Cisco switch configuration caused ARD to not perform properly?
    I will summarize once Cisco resolves the issue. They're due in for another test or two before we can make the necessary switch adjustments.
    Thanks,
    Don

    I have 3COM switches and they appear to be performing as your CISCOs are. I have computers drift in and out all day as well as my task server not responding to input at all. When trying to browse the LAN for computers, I don't receive any information regarding my computers, or I only get 5 out of 2100. I will talk with my Network Administrator and find out if Multicast is turned on. I have sent Apple 300 crash reports over the past 3 months, but have not received any word on a fix for ARD issues.

  • Interconnection between HP and Cisco is not working

    Dear all,
    I support some old colleagues by connecting a Cisco 2960x with an HP Switch. Both sides are UP/UP, stp is fine, channel also. The Cisco switch is also fine. But no data traffic is working.
    I see that we are sending but not receiving any packet. The same on the other side. We checked the cabling, used different fibers, etc. Everything is fine. When we connect a copper port, it's also fine. Only on the LWL side we have this problem. But interface and line protocol is UP.
    Is there any command I may not know to check the LWL? UDLD is not working because we have just one Cisco on one end. test tdr works only on copper. I guess there is something wrong with the compatibility between both GBICs, but I can't exactly say what it is. We use monomode and LX GBIC.
    On another Core Switch HP/Cisco is working fine with SX.
    I don't have live access, so sorry for any delay in my answer.
    regards,
    Sebastian

    Hi cbafiero,
    It seems that the problem lies in your router. I'm not sure exactly what the issue is (I've just now discovered it myself), but after switching from a Linksys WRT54GX2 to a thrift store Netgear, my shared libraries appeared instantly. My gut is telling me that the Linksys routers are blocking the multicast traffic, which is stupid on Linksys's part, to filter traffic internally. I'll look more into the Netgear and see what it has that the Linksys doesn't (or vice versa).

  • LACP between SRW2048 and Cisco 3750

    Hi,
    I have been trying to set up a LACP link between my SRW2048 and Cisco 3750 using two gigabit ethernet links.
    Whenever i plug one cable in the interface does not come back up.
    I have already successfully been able to create a LACP link between the 3750 and a catalyst 2960 for two cables.
    Both interfaces at both units are set up as trunks for Vlans 1 (default and untagged), 4, 99, 101, and 102, then the Port-channel / LAG set also as a trunk with the same vlans.
    Does anyone have any ideas why the interface is not even initialising?
    If i plug a SRW2048 LAG'd interface into a normal access (vlan1) port on the 3750 it works fine, and vice versa with the 3750 to the SRW2048.
    Below is a extract of logs from both:
    -- Log from SRW2048
    1   2147483579   07-Oct-2008 16:12:24    Informational   %LINK-I-Up:  ch1            
    2   2147483580   07-Oct-2008 16:12:24    Informational   %LINK-I-Up:  Vlan 102            
    3   2147483581   07-Oct-2008 16:12:24    Informational   %LINK-I-Up:  Vlan 101            
    4   2147483582   07-Oct-2008 16:12:24    Informational   %LINK-I-Up:  Vlan 99            
    5   2147483583   07-Oct-2008 16:12:24    Informational   %LINK-I-Up:  Vlan 5            
    6   2147483584   07-Oct-2008 16:12:24    Informational   %TRUNK-I-PORTADDED: Port g4 added to ch1            
    7   2147483585   07-Oct-2008 16:12:19    Informational   %LINK-I-Up:  g4            
    ## Plugged back into standard vlan1 access port ##
    ## Plugged into LACP enabled port on 3750 ##
    ## Unplugged from standard vlan1 access port ##
    8   2147483586   07-Oct-2008 16:11:10    Warning   %LINK-W-Down:  ch1            
    9   2147483587   07-Oct-2008 16:11:10    Warning   %LINK-W-Down:  g4            
    10  2147483588   07-Oct-2008 16:11:10    Warning   %LINK-W-Down:  Vlan 102            
    11  2147483589   07-Oct-2008 16:11:10    Warning   %LINK-W-Down:  Vlan 101            
    12  2147483590   07-Oct-2008 16:11:10    Warning   %LINK-W-Down:  Vlan 99          
    13  2147483591   07-Oct-2008 16:11:10    Warning   %LINK-W-Down:  Vlan 5            
    14  2147483592   07-Oct-2008 16:11:10    Warning   %TRUNK-W-PORTREMOVED: Port g4 removed from ch1    
    -- Log from Catalyst 3750
    mercury#terminal monitor
    mercury#
    Oct  7 15:10:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet   1/0/17, changed state to down
    Oct  7 15:10:45: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/17, changed state    to down
    Oct  7 15:11:54: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/17, changed state    to up
    Oct  7 15:11:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet   1/0/17, changed state to up
    mercury#

    The linksys documentation is a little thin on the ground all over.
    However, if i have got this correct the Admin key needs to be the same for all interfaces in the same LAG for one switch i.e not the same for both ends of the cable?
    As for the priority, I assumed this was to do with how the switch dealt with which interfaces were to be active if there were more in the group than could be allowed - to allow for backup links. Is this correct?
    Thanks for your reply.

  • Cisco Transparent firewall and cisco switch issues.

    Dears,
    I have a very plain scenario
     LAN cisco switch <2 vlans>  ----------> cisco transparent firewall with bvi interface ------------>  crypto box ---------> cisco router ------ <remote/other site>
    I have vlan 61 configured on bvi interface of firewall, crypto box and also on the switch port, and vlan 61 is up up.
    The issue is I can connect remotely to cisco transparent firewall but cannot ping or connect to cisco switch. ???????????
    Need to know some troubleshooting tips and basic settings that I need to verify. I simply want lan switch with 2 vlans to pass through the cisco transparent firewall and go to other site/remote site.

    Well,
    I have put the inspection icmp turned on for the sessions, and the version I am using is 9.1.
    Moreover, I have put up the ACLs for inbound and outbound traffic, and while I ping across the firewall from the inside interface towards outside interface PC, I can see packet counts increasing on the acl during the show access-list command.
    I have requested the client to verify his part. Do let me know further tips if you have any.
    [ moreover we cannot try to use packet-tracer from cli in transparent mode ]

  • Setup and connections for 3 airport extremes and 2 switches?

    I'm finally getting ethernet wiring in my house rather having to rely on just wireless, but due to the lath and plaster walls I'll still end up having a separate Airport Extreme 802.11ac unit on each floor, otherwise the signal drops off dramatically with dead spots. I'm assuming that I should no longer do an extended network between the airport extremes, but I'm not sure of the proper wiring between the ethernet switches I'll have, the airport extremes, etc. either. Here's the gear...
    2nd floor
    cable modem
    8 port ethernet switch
    main airport extreme, should provide DHCP and NAT
    cable modem plugs into the main switch
    airport extreme plugs into the main switch
    1st floor
    airport extreme
    there will be an ethernet cable from the basement ethernet switch to the 1st floor unit, which is the only feasible hardwire connection that I can make unless I pull a second long run of ethernet from the second floor, go to the basement and then back over to the first floor connection spot.
    Basement
    airport extreme
    second 8 port ethernet switch
    there will be an ethernet cable running from the 2nd floor ethernet switch to the basement switch
    There are also additional airport express boxes attached to audio equipment and an AppleTV attached to an AV receiver for TV. Various printers, game consoles, etc. will plug into the ethernet switches.
    As described above, all connections are going to the switches, not coming out of the main airport extreme and going to another airport extreme.
    First of all, is the wiring described make sense or should it be handled differently?
    Secondly, rather than an extended network, since I'll have hardwire ethernet connections between switches to all of the airports, what is the proper network topology to use in the airport utility? Does each of the three airports end up being their own wireless network, but just sharing the same name for 802.11 b/g, n, and ac? Any links to help me figure this out or do I need to make an Apple genius appointment?

    2nd floor
    cable modem
    8 port ethernet switch
    main airport extreme, should provide DHCP and NAT
    cable modem plugs into the main switch
    airport extreme plugs into the main switch
    What is the make and model number of the modem?
    If it is a simple modem....(not a modem/router or gateway device)....you cannot have an Ethernet switch between the simple modem and the AirPort Extreme.
    Instead, the modem must connect to the AirPort Extreme, and the Ethernet switch then connects to the AirPort Extreme.
    However, if your "modem" is a modem/router or gateway device.....you could connect the Ethernet switch to the modem/router......but you would not configure the AirPort Extreme to provide DHCP and NAT.....since the modem/router or gateway would already be providing those services.
    Let's get this clarified before we go any further, since the entire network will depend on this.

  • Windows 7 LLDP and Cisco Switches

    Does Windows 7 support IEEE LLDP (not to be confused with MS LLTP)? We have LLDP enabled on our Cisco Switches and want to be able to see what ports the Windows 7 devices are connected to, using the Cisco Show LLDP neighbors.

    Hi,
    I suggest you refer to the following article in MSDN blog:
    Link Layer Topology Discovery Protocol Specification
    http://msdn.microsoft.com/en-us/library/windows/hardware/gg463061.aspx
    Thanks,
    Vincent Wang
    TechNet Community Support

  • Link aggregated between NAS and a switch: the Mac as a very slow access...

    Hello,
    in my Office we're working with Macs and PCs and all the data is on a NAS.
    Here is our configuration:
    NAS <-link1->Switch<-Link2->Macs or PC.
    Macs are connected with AFP protocol (because SMB is very slow).
    We want to use Link Aggregation between the NAS and the switch (with 802.3ad protocol) but when we do that all the Macs have a very slow access to the NAS. But all is OK with the PCs.
    What can we do? Is there a problem with macOS X and link aggregation?
    Thank you for your help.
    Nicolas

    Sorry, not sure what the question is exactly.
    You must have an Xserve, or Ethernet cards capable of Jumbo Frames for one, I assume the Switch & NAS are capable?
    Possible clues...
    http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c3ha3.html
    http://discussions.apple.com/thread.jspa?threadID=1715388&tstart=0
    http://www.macnn.com/articles/04/06/21/link.aggregation.for.macs/
    http://www.smallnetbuilder.com/content/view/30556/53/
    http://www.afp548.com/forum/viewtopic.php?showtopic=8309

  • Converged 10gig server adapters and Cisco switches

    I have little network with 4 vsphere servers connected to clustered 3750x with 4*1Gig NICs per server.
    Servers are connected to central storage with two 8Gbps FC links per server. I don’t have FO switches cause central storage is equipped with 4 FO ports per controller.
    I want to upgrade servers and central storage. Servers will have two converged 10gig (HP FlexFabric) and 4*1 Gig interfaces
    I need to upgrade 3750x switches with new one with 10 gig interfaces.
    I am looking for two new Cisco switches that can handle converged traffic from server 10gig interfaces (iSCSI, FCoE).
    Nice feature will be if it is possible to connect existing FC storage to the new switches.
    Kind regards,
    Vice Lacmanovic

    Hello, vlacmanov. 
    I recommend at least the Nexus 5000 to support iSCSI and FCoE over your 10GE interface. (http://cs.co/9001SoyL) Do you already have any existing Cisco Nexus on your network?
    Let me know if you have additional concerns or e-mail ([email protected]) me directly. Kind regards. 

  • Multicasting (IGMP Snoop) between Nortel and Cisco

    We are currently having issues with Zen imaging (multicasting) and our setup is the following.
    Please take into account, our knowledge is very limited with IGMP Snooping setup etc.
    MDF = 6 Nortel 450-24T's using FirmWare -1.48 / SoftWare - 4.5.2.4
    IGMP Settings are such :
    VLAN: [ 1 ]
    Snooping: [ Enabled ]
    Proxy: [ Disabled ] -----> This was on...but once off, runs much smoother.
    Robust Value: [ 2 ]
    Query Time: [ 125 seconds ]
    Set Router Ports: [ Version 1 ]
    In the MDF (anything directly in those switches) images fine now. (once I disabled PROXY)
    However I have a few IDF's off the MDF that are using OLD Nortel 350F-HD's (no IGMP Snooping support) and it's horrible (can only do a few computers at a time).
    So in one of the IDF's (the biggest one) I pulled out the 350F-HD and replaced it with a CISCO 2950 w/Fiber and it's using 12.1.20EA1 and I left IGMP Snooping on (thinking this will fix it) and couldn't even get ONE machine to connect and image in the multicast session. It's settings were (by default):
    Global IGMP Snooping configuration:
    IGMP snooping : Disabled
    IGMPv3 snooping (minimal) : Enabled
    Report suppression : Enabled
    TCN solicit query : Disabled
    TCN flood query count : 2
    Vlan 1:
    IGMP snooping : Disabled
    Immediate leave : Disabled
    Multicast router learning mode : pim-dvmrp
    Source only learning age timer : 10
    I then completely disabled IGMP Snooping on the CISCO and we're able to Image 5-7 Computers without a crash (more than that and it crashes - disconnects etc)
    In the areas that I have All 450's or all Cisco's the imaging seems to go fine. (with minor errors)
    Can any one give me some advice (or hopefully ran into this mixed setup before)?
    Thank you.

    Bosalaza,
    Thank you for replying (and I read even more on the ip multicast routing). However I've not ran into the same issue at any school that has 100% cisco switches or 100% Nortels (that are setup correctly and not older than dirt). I think we've not needed the multicast routing setup as we only have one router on the network (and it's flat at the moment anyway). As long as IGMP Snooping is enabled correctly (on the switches) it seems to serve us well.
    Although from what I've read (where you pointed me to) it seems even in our setup we would benefit from taking time to setup "ip pim ....." etc.
    I was able to scrounge from another network and change out a few very old Nortels (that didn't support IGMP Snoop) and all seems well now.
    So long story short (and in case anyone else needs this info): The Nortel 350T and F - HD's were the main issue. It seems (for now) that a mixture of Nortel 350/450-24T's (any model that at least has IGMP Snooping) and Cisco's mixed (also Snoop on) works pretty well.
    I'm going to consider this solved as I was able to fix it with changing out some old product. However I really appreciate your efforts and pointing me towards some good info. (Which I'm going to read up on more, as I'm sure we'll need to get it setup in the near future.)
    Thanks again.

  • 3com and cisco switches (802.1q)vlan integration problem - broadcast storm?

    Hi forum,
    We are using 3com switches. The 3com switches implement open vlans, which means if an IEEE 802.1q packet is received at a port and the port is not a member of that vlan, the switch does not perform vlan filtering. If the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
    My questions:
    1) If another cisco switch connected with the 3com switch is placed in the same vlan, and the 3com switch received a 802.1q packet from a rogue device, it will be flooded to all the ports (including the cisco ports) within that VLAN. Will it cause a broadcast storm?
    2) How do I configure the cisco switch to filter off unknown tagged packets on a port? By using vlan pruning?
    3) How do I block the broadcast from the 3com switches? Using broadcast suppression?
    4) Is there a way on the design side to effectively counter this problem?
    Kind regards,
    paul

    It sounds like setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's ok to receive tagged frames for VLAN's that were not previously known on this port. However if your policy requires that only specific VLAN's are permitted on given tagged port, then you need to add some extra command on your 3com switch. Check with documentation and possibly with your 3com support partner.
    As for cisco routers, tagged ports in Cisco-speak are trunks (this might be confusing for you as 3com calls trunks what in Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLAN's are allowed on given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast suppression to block traffic from disallowed vlans coming from your 3com switch to cisco.
    P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.
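
The allowed-list behaviour described in the reply above, as an added example that is not part of the original thread: a Python audit of a Cisco running-config fragment that reports which trunks still accept every VLAN tag. The sample config and interface names are constructed, and allowed lists are assumed to be plain numbers and ranges.

```python
import re

# Constructed sample: a running-config fragment, not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to 3Com (allowed list set)
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
!
interface GigabitEthernet0/2
 description uplink to 3Com (no allowed list)
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
"""

# A trunk without an allowed list accepts every valid VLAN ID (1-4094).
ALL_VLANS = frozenset(range(1, 4095))


def expand_vlan_list(spec):
    """Turn '10,20,30-32' into {10, 20, 30, 31, 32}."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return frozenset(vlans)


def trunk_allowed_vlans(config):
    """Map each trunk interface to the set of VLAN tags it will accept."""
    trunks = {}
    name, is_trunk, allowed = None, False, ALL_VLANS
    # The sentinel line flushes the last interface stanza.
    for raw in config.splitlines() + ["interface END"]:
        line = raw.strip()
        if line.startswith("interface "):
            if name and is_trunk:
                trunks[name] = allowed
            name, is_trunk, allowed = line.split(None, 1)[1], False, ALL_VLANS
        elif line == "switchport mode trunk":
            is_trunk = True
        else:
            match = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)
            if match:
                allowed = expand_vlan_list(match.group(1))
    return trunks


def admits(trunks, port, vlan_tag):
    """True if a frame tagged vlan_tag is accepted on the given trunk."""
    return vlan_tag in trunks[port]


def unrestricted_trunks(trunks):
    """Trunks that still accept any tag, i.e. have no allowed list."""
    return sorted(port for port, vlans in trunks.items() if vlans == ALL_VLANS)


if __name__ == "__main__":
    trunks = trunk_allowed_vlans(SAMPLE_CONFIG)
    for port in unrestricted_trunks(trunks):
        print(f"{port}: no allowed list, accepts any VLAN tag")
    print("Gi0/1 admits tag 999:", admits(trunks, "GigabitEthernet0/1", 999))
```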

  • VPN between RV042 and Cisco 2801

    HI
    Kindly help me out. I'm configuring a p2p vpn between a cisco 2801 with IOS 12.3 and a linksys RV042. I'm getting following error on Linksys and Cisco respectively.
    [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Dec 19 02:40:42 2011
         VPN Log
        Received informational payload, type NO_PROPOSAL_CHOSEN
    dst             src             state               conn-id     slot    status
    x.x.x.x       x.x.x.x   MM_NO_STATE          0        0       ACTIVE
    Below are my config:
    Linksys RV042:
    Keying Mode: IKE with Preshared Key
    Phase1 DH Group: Group2
    Phase1 Encryption: 3DES
    Phase1 Authentication: MD5
    Phase1 SA Life Time: 28800
    Perfect forward secrecy : enabled
    Phase2 DH Group: Group2
    Phase2 Encryption: 3DES
    Phase2 Authentication: MD5
    Phase2 SA Life Time: 28800
    Preshared Key: xxxxxx
    Cisco 2801:
    crypto isakmp policy 11
    encr 3des
    authentication pre-share
    group 2
    lifetime 28800
    crypto isakmp key xxxxxx address xxxxxx
    no crypto isakmp ccm
    crypto ipsec transform-set STRONGER esp-3des esp-md5-hmac
    crypto map myvpn 10 ipsec-isakmp
    set peer xxxxxx
    set transform-set STRONGER
    set pfs group2
    match address 103
    interface FastEthernet0/0
    ip address 10.0.0.56 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no ip route-cache
    duplex auto
    speed auto
    no mop enabled
    interface FastEthernet0/1
    ip address xxxx xxxx
    ip nat outside
    ip virtual-reassembly
    no ip route-cache
    duplex auto
    speed auto
    crypto map myvpn
    ip nat pool branch xxxxxx xxxxx netmask 255.255.255.240
    ip nat inside source route-map nonat pool branch overload
    access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 110 deny   ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 110 permit ip 10.0.0.0 0.0.0.255 any
    snmp-server community public RO
    route-map nonat permit 10
    match ip address 110
    Regards
    SAM

    Hi,
    It looks like you are using the default hash for the crypto isakmp policy and that your connection is failing on the phase 1 negotiation.  The default hash on the crypto isakmp policy is sha.  On the 2801 try adding hash md5.
    crypto isakmp policy 11
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 28800
    Let me know if that helps.
    Thank you,
    Jason NIckle
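
The mismatch diagnosed in the reply above, as an added example that is not part of the original thread: a Python check that fills in the IOS defaults for an ISAKMP policy and compares it with the RV042 phase 1 settings. Only the `sha` hash default is stated on the page; the other default values are assumed from classic IOS behaviour, and both sample inputs are retyped from the posts.

```python
# IOS fills in any attribute missing from "crypto isakmp policy".
# "hash": "sha" is the default stated in the reply; the rest are assumptions.
IOS_DEFAULTS = {
    "encryption": "des",
    "hash": "sha",
    "authentication": "rsa-sig",
    "group": "1",
    "lifetime": "86400",
}

# Sample input: the 2801 policy as posted (note: no "hash" line).
IOS_POLICY_AS_POSTED = """\
crypto isakmp policy 11
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
"""

# Sample input: the RV042 phase 1 settings as posted.
RV042_PHASE1 = """\
Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group2
Phase1 Encryption: 3DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
"""

# Attributes compared here; lifetime is left out of the comparison.
COMPARED = ("encryption", "hash", "authentication", "group")


def normalize_hash(name):
    """Treat 'sha1' and 'sha' as the same algorithm name."""
    return {"sha1": "sha"}.get(name, name)


def parse_ios_policy(text):
    """Return the effective policy: explicit lines layered over the defaults."""
    policy = dict(IOS_DEFAULTS)
    for line in text.splitlines():
        words = line.lower().split()
        if not words or words[0] == "crypto":
            continue
        if words[0] in ("encr", "encryption"):
            policy["encryption"] = "-".join(words[1:])  # "aes 256" -> "aes-256"
        elif words[0] in ("hash", "authentication", "group", "lifetime"):
            policy[words[0]] = words[-1]
    policy["hash"] = normalize_hash(policy["hash"])
    return policy


def parse_rv042_phase1(text):
    """Map the RV042 'Name: value' lines onto the same attribute names."""
    fields = {}
    for line in text.splitlines():
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip().lower()
    psk = "preshared key" in fields.get("keying mode", "")
    return {
        "encryption": fields["phase1 encryption"],
        "hash": normalize_hash(fields["phase1 authentication"]),
        "authentication": "pre-share" if psk else "unknown",
        "group": fields["phase1 dh group"].replace("group", ""),
        "lifetime": fields["phase1 sa life time"],
    }


def phase1_mismatches(local, remote):
    """List (attribute, local value, remote value) for every disagreement."""
    return [(k, local[k], remote[k]) for k in COMPARED if local[k] != remote[k]]


if __name__ == "__main__":
    rv042 = parse_rv042_phase1(RV042_PHASE1)
    for label, cfg in (("as posted", IOS_POLICY_AS_POSTED),
                       ("with hash md5", IOS_POLICY_AS_POSTED + " hash md5\n")):
        print(label, phase1_mismatches(parse_ios_policy(cfg), rv042))
```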
