======FIREWALL FAILS TO SETUP IPSEC TUNNEL TO CISCO ROUTER======
 
**Symptoms:**
  * XFamily Firewall fails to setup IPsec Tunnel to CISCO Router  

 
**Facts:**
  * Error: "INVALID_EXCHANGE_TYPE"  
  * CISCO 2821  
  * VPN  
  * IKE  
  * Pre-Shared Key  
  * X Family  
  * X5  
  * X506  
 

**Causes:** The Router was requiring User Authentication (XAuth) during the exchange of the Pre-Shared Key  

 
**Fixes:** Using the Security Device Manager (SDM) on the router uncheck the box for User Authentication (XAuth) in the IKE Pre-Shared Keys view.

This is similar to the following command on the PIX Firewall :

isakmp key: ******** 

address: 10.10.20.147 

netmask 255.255.255.255 

no-xauth
 
 


  * Product(s):  X Family  
  * Sub Product(s): X5, X506  



--- //[[nce@itclatam.com|David Gonzalez]] 2021/04/07 14:49//