Prev: NTP Failed Validity Tests 20
Next: ESMTP inspection problem (ASA 7.2)
From: will.mays on 2 Apr 2007 02:44
Hi,

I have a site-to-site IPSec VPN between a cisco 837 ADSL router and a
Fortigate 60 firewall appliance.
The tunnel is up and passing traffic OK, however in the log it is
showing the following:
%CRYPTO-6-IKMP_BAD_DOI_NOTIFY: DOI of 0 in notify message from
[fortigate_ip]

I have run in a few directions and can't seem to find a meaning or
resolution for that error.

Relevant sections of my config are below:

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key [psk] address [fortigate_ip]

crypto ipsec transform-set cm-transformset-1 esp-3des esp-md5-hmac

crypto map cm-cryptomap 1 ipsec-isakmp
set peer [fortigate_ip]
set transform-set cm-transformset-1
match address site2sitevpn

interface Dialer0
...
crypto map cm-cryptomap

ip access-list extended internet
permit esp any any
...
permit udp any any eq non500-isakmp
permit udp any any eq isakmp

ip access-list extended nonat
deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended site2sitevpn
permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
match ip address nonat


Thanks in advance,
Will Mays

 | 
Pages: 1
Prev: NTP Failed Validity Tests 20
Next: ESMTP inspection problem (ASA 7.2)