03-23-2007 10:09 AM - edited 03-09-2019 05:39 PM
We have several sites that are connected by T-1's. We have setup DMVPN using DSL as backup connections for the T-1's. A few of the sites DMVPN/DSL connections are good I am getting encaps & decaps, but a few are stuck in the "MM_NO_STATE" phase and will not go to "QM_IDLE". I have checked and checked the configs on the ones that are having issues and can't seen to find the problem. From a config statndpoint it looks fine. Any troubleshooting suggestions?
03-25-2007 01:47 AM
Double check your isakmp profiles and make sure you have the correct pre-shared keys. For the sites which are not working remove the ISAKMP profile and see if they work without encryption
03-26-2007 09:09 AM
I tried and am still not having any luck. This is part of my debug.
.Mar 26 09:23:33: ISAKMP (0:13): phase 1 packet is a duplicate of a previous packet.
.Mar 26 09:23:33: ISAKMP (0:13): retransmitting due to retransmit phase 1
.Mar 26 09:23:34: ISAKMP (0:13): retransmitting phase 1 MM_KEY_EXCH...
.Mar 26 09:23:34: ISAKMP (0:13): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
.Mar 26 09:23:34: ISAKMP (0:13): retransmitting phase 1 MM_KEY_EXCH
03-26-2007 11:09 AM
Brandon
From the fact that it appears to be stuck in the key exchange phase I believe that the suggestion to check carefully to make sure that you have keys configured correctly was a good suggestion.
HTH
Rick
03-26-2007 01:38 PM
I figured out the problem. The problem was on the Netopia DSL router that was being used for the backup connection. On the Netopia I had to enable "expose internal ip addresses". I now have encaps & decaps.
Thanks for your help!
-BR
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: