VPN Tunnel Error?

Unanswered Question
Sep 7th, 2007
User Badges:

I have a VPN Tunnel between a PIX 515E (6.3) and an ASA 5510 (7.1). The tunnel went down recently, and removing one of two crypto map statements that was going to the same destination and rebuilding the tunnel brought it back up. However, on the PIX debug isakmp still shows the following:


ISAKMP (0): processing NOTIFY payload 36136 protocol 1

spi 0, message ID = 1312318556

ISAMKP (0): received DPD_R_U_THERE from peer 255.255.255.255

ISAKMP (0): sending NOTIFY message 36137 protocol 1

return status is IKMP_NO_ERR_NO_TRANS


crypto_isakmp_process_block:src:255.255.255.255, dest:255.255.255.254 spt:500 dpt:500


What does this mean, typically? Also, can one determine if this tunnel will fail again? We have two other site to site VPN tunnels on the PIX, and neither of the other two devices generate these messages. I'll send configs, if necessary.


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
didyap Thu, 09/13/2007 - 06:04
User Badges:
  • Silver, 250 points or more

You are getting these messages because you have not correctly removed the config for the crypto map statement on either or both of the devices. Although this error is only cosmetic and will have no effect on the performance of the tunnel. Tunnels do go down due to variety of reasons and it is very hard to determine if a tunnel may go down unless the issue is very frequent.

Actions

This Discussion