Hello all, Im trying to set-up a new VPN S-t-S using Cisco ASA 5520 with IOS 8.4, and Im getting this error:
"Phase 2 mismatch
All IPSec SA proposals found unacceptable"
This is my config, adapting Azure template for 8.3. I really appreciate any kind of help!!!
access-list crypto-azure extended permit ip object-group INS-AccAzure object OUT-N-Azure
crypto map netscreen 1 match address crypto-azure
crypto map netscreen 1 set pfs
crypto map netscreen 1 set peer x.x.x.x
crypto map netscreen 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x general-attributes
default-group-policy GroupPolicy-Azure
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key *****
group-policy GroupPolicy-Azure internal
group-policy GroupPolicy-Azure attributes
vpn-tunnel-protocol ikev1
crypto ikev1 policy 80
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800