Lan-to-Lan connection via 3000 concentrator

Unanswered Question
May 3rd, 2007

Hi I've been trying to set up a Lan-to-Lan conneciton on my concentrator which connects to another 3000 concentrator. I'm able to ping his peer but I send traffic over the tunnel to bring it up I receive the follow message:

2330 05/03/2007 19:21:26.210 SEV=5 IKE/0 RPT=303

Received an un-encrypted Invalid Cookie notify message, dropping

I was trying to find out this means but no luck as of yet. Does anyone know what this means?

Thank you in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ggilbert Fri, 05/04/2007 - 07:02

Seems like we got a message which was un-encrypted but should have been encrypted from the remote peer.

I would be able to guide you in the right direction, if you could please provide me the debugs from both the concentrators...

AUTH, AUTHDBG, IKE, IKEDBG, IPSEC, IPSECDBG for severities 1-13. Set those, and clear the logs on the monitoring section and try to pass traffic. After that, click on GETLOG and then send the logs in text format.

Cheers

Gilbert

wgranada1 Fri, 05/04/2007 - 13:13

Hi Gulbert

Sorry but we reverted back to the other peer but we get a new error message now have you ever seen this one? Where can I go to look up these messages?

201 05/04/2007 20:45:44.000 SEV=4 IKEDBG/97 RPT=269 213.138.34.25

Group [213.138.34.25]

QM FSM error (P2 struct &0x61a79c4, mess id 0xf1600ba)!

202 05/04/2007 20:45:44.000 SEV=7 IKEDBG/65 RPT=3246 213.138.34.25

Group [213.138.34.25]

IKE QM Initiator FSM error history (struct &0x61a79c4)

, :

QM_DONE, EV_ERROR

QM_WAIT_MSG2, EV_TIMEOUT

QM_WAIT_MSG2, NullEvent

QM_SND_MSG1, EV_SND_MSG

ggilbert Sat, 05/05/2007 - 07:54

Hi Warren,

It would be nice to get the debugs to figure out what is happening before and after this error messages. The QM FSM error means Quick Mode Finite State Machine error. Which really means, the concentrator got something which it really wasnt expecting.

So, an error occured....Now we need to see the debugs at what face this error happened. Please run the debugs that I asked earlier and we can troubleshoot where the problem might be.

Cheers

Gilbert

wgranada1 Sat, 05/05/2007 - 08:24

Ok will do I will try to get the user to connect and run the debugs that you requested. Thank you in advance for you help

Gilbert!!!

Actions

This Discussion