Thursday, 20 August 2009

SUNRay to Cisco VPN 28F Error

Whilst configuring some SUNRays to connect via a Cisco "Dial VPN" for a customer, I came across an error on the SUNRay during VPN authentication:

PH1 agg I est 28F

Much googling later I found that lots of people were having this issue but no one appeared to have published an answer. Anyway after some debugging it became apparent that the SUNRay needs a specific transform set:

crypto ipsec transform-set {name} esp-aes esp-sha-hmac

It appears to work very well after this, once you remember to change the MTU down to 1450 (in the UK) to accommodate the VPN headers and DSL etc.


No comments:

Post a Comment