cisco and Draytek VPN Problem
I am configuring a Cisco router to a Draytek
The VPN tunnel comes up and I can start Remote Desktop sessions from the site with the Draytek to the site with the Cisco.
but I cannot do the same thing with the other way - i.e. I cannot open Remote Desktop sessions the other way.
In th cisco log is the following code when I try to connect from the Cisco site to the Dray tek site.
Any ideas what this is and how I can solve the issue?
IPSEC: Received an ESP packet (SPI= 0x79D1D28E, sequence number= 0x1) from 81.179.236.186 (user= 81.179.236.186) to 192.168.2.2. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 224.0.0.9, its source as 81.179.236.186, and its protocol as 2. The SA specifies its local proxy as Thetford_LAN/255.255.255.0
The VPN tunnel comes up and I can start Remote Desktop sessions from the site with the Draytek to the site with the Cisco.
but I cannot do the same thing with the other way - i.e. I cannot open Remote Desktop sessions the other way.
In th cisco log is the following code when I try to connect from the Cisco site to the Dray tek site.
Any ideas what this is and how I can solve the issue?
IPSEC: Received an ESP packet (SPI= 0x79D1D28E, sequence number= 0x1) from 81.179.236.186 (user= 81.179.236.186) to 192.168.2.2. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as 224.0.0.9, its source as 81.179.236.186, and its protocol as 2. The SA specifies its local proxy as Thetford_LAN/255.255.255.0
ASKER
I have - the problem it seems was down to MTU size on the Draytek. I cahnged this to 1300 which was the figure on the Cisco and it all works fine!
ASKER
I in fact answered the question myself! If you see it was down to the MTU settings on the Draytek.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Such errors crop up when there is a mismatch in the ACLs. Please confirm that you use the same subnets both sides.