Wireless Access

Hi,

I havs several RAP with IPsec down status.

The controller process log shows a lot of messages

Aug 7 07:31:40 isakmpd[1496]: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2685 Proposal match failed in encryption algo, configured=AES_CBC, peer using=3DES_CBC

Aug 7 07:31:40 isakmpd[1496]: <103060> <DBUG> |ike| 125.XXX.XXX.87:4500-> ike_phase_1.c:attribute_unacceptable:2711 Proposal match failed in auth algo, configured=RSA_SIG, peer using=unknown

below is my crypto configuration,

please give me a hint,

Thank you !

crypto isakmp policy 20

  encryption aes256

!

crypto isakmp key "a6ee1490ac869fadc7941630cd7d70df47673fb7cc2f8d7f" address 0.0.0.0 netmask 0.0.0.0

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac

crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac

crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac

crypto dynamic-map default-dynamicmap 10000

  set transform-set "default-transform" "default-aes" 

!

no crypto-local isakmp xauth

crypto isakmp eap-passthrough eap-tls

crypto isakmp eap-passthrough eap-peap

crypto isakmp eap-passthrough eap-mschapv2

The proposal match failed normally just shows the controller cycling through configured crypto maps to try to match the incoming request.  It by itself does not mean anything is wrong.  Eventually it finds the correct one and everything works.

With regards to your issue, has anything changed?  Have there been any outages?  You did not say if anything corresponds with your RAPs being down...