Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
0
Helpful
1
Replies

VPN Tunnel Error?

grobinson23
Level 1
Level 1

‎09-07-2007 07:41 AM - edited ‎02-21-2020 03:15 PM

I have a VPN Tunnel between a PIX 515E (6.3) and an ASA 5510 (7.1). The tunnel went down recently, and removing one of two crypto map statements that was going to the same destination and rebuilding the tunnel brought it back up. However, on the PIX debug isakmp still shows the following:

ISAKMP (0): processing NOTIFY payload 36136 protocol 1

spi 0, message ID = 1312318556

ISAMKP (0): received DPD_R_U_THERE from peer 255.255.255.255

ISAKMP (0): sending NOTIFY message 36137 protocol 1

return status is IKMP_NO_ERR_NO_TRANS

crypto_isakmp_process_block:src:255.255.255.255, dest:255.255.255.254 spt:500 dpt:500

What does this mean, typically? Also, can one determine if this tunnel will fail again? We have two other site to site VPN tunnels on the PIX, and neither of the other two devices generate these messages. I'll send configs, if necessary.

Thanks!

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎09-13-2007 06:04 AM

You are getting these messages because you have not correctly removed the config for the crypto map statement on either or both of the devices. Although this error is only cosmetic and will have no effect on the performance of the tunnel. Tunnels do go down due to variety of reasons and it is very hard to determine if a tunnel may go down unless the issue is very frequent.

0 Helpful
Customers Also Viewed These Support Documents