We have a Cisco ASA 5505 that has several site-site VPN links to other Cisco devices. We want to add a VPN to a new site which has a Draytek 2860. We can configure the VPN at both ends (using e.g. http://www.draytek.com/index.php?option=com_k2&view=item&id=2027&Itemid=293&lang=en
) but always get the following sort of debug errors from the Cisco:
Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 1 Cfg'd: Group 2
We have tried many different IKE / IPSEC settings on both ends, with no luck so far. There's no requirement to use anything particular (AES, 3DES, etc.) - it just needs to work.
What are the specific settings (or one set of them) for each end that are known to work together? Thanks.