Greetings,
Let me preface this by saying that I have checked the documentation for the recommended phase1 configuration and I still cannot complete phase1. My device is an ASA 5520 running 8.4.
Upon sending traffic I receive log messages:
2014-06-02T23:45:14.343085-05:00 hostname.redacted : Jun 02 23:45:14 CDT: %ASA-vpn-5-713904: IP = azure_gateway.redacted, Received an un-encrypted NO_PROPOSAL_CHOSEN notify message, dropping
2014-06-02T23:45:14.343085-05:00 hostname.redacted : Jun 02 23:45:14 CDT: %ASA-vpn-4-713903: IP = azure_gateway.redacted, Information Exchange processing failed
Isakmp SA:
6   IKE Peer: azure_gateway.redacted
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
Relevant config:
crypto ipsec ikev1 transform-set L2L_AZURE esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_VPN 80 match address L2L_AZURE
crypto map OUTSIDE_VPN 80 set peer azure_gateway.redacted
crypto map OUTSIDE_VPN 80 set ikev1 transform-set L2L_AZURE
crypto map OUTSIDE_VPN 80 set security-association lifetime seconds 3600
crypto map OUTSIDE_VPN 80 set security-association lifetime kilobytes 102400000
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
tunnel-group azure_gateway.redacted type ipsec-l2l
tunnel-group azure_gateway.redacted ipsec-attributes
 ikev1 pre-shared-key key.redacted
I have other ikev1 policies but the one listed should meet the requirements listed here.
Is there something I am missing?
Thanks in advance.