VPN Wont establish

Unanswered Question
Oct 16th, 2007

I got a calling saying a site to site vpn went down at lunch time. here is the output from


debug crypto map iskamp


anyone got any ideas why phase 1 wont establish. apparently the config has not changed


004135: Oct 16 15:46:18.252 GMT: ISAKMP:(0): SA request profile is (NULL)

004136: Oct 16 15:46:18.252 GMT: ISAKMP: Created a peer struct for 1.2.3.4, peer port 500

004137: Oct 16 15:46:18.252 GMT: ISAKMP: New peer created peer = 0x66987258 peer_handle = 0x80000091

004138: Oct 16 15:46:18.252 GMT: ISAKMP: Locking peer struct 0x66987258, refcount 1 for isakmp_initiator

004139: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Setting client config settings 648D8E78

004140: Oct 16 15:46:18.252 GMT: ISAKMP: local port 500, remote port 500

004141: Oct 16 15:46:18.252 GMT: ISAKMP: set new node 0 to QM_IDLE

004142: Oct 16 15:46:18.252 GMT: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 642FE3D4

004143: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

004144: Oct 16 15:46:18.252 GMT: ISAKMP:(0):found peer pre-shared key matching 1.2.3.4

004145: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-07 ID

004146: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-03 ID

004147: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-02 ID

004148: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

004149: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1


004150: Oct 16 15:46:18.252 GMT: ISAKMP:(0): beginning Main Mode exchange

004151: Oct 16 15:46:18.252 GMT: ISAKMP:(0): sending packet to 1.2.3.4 my_port 500 peer_port 500 (I) MM_NO_STATE

Hestia#

Hestia#

Hestia#

004152: Oct 16 15:46:28.251 GMT: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

004153: Oct 16 15:46:28.251 GMT: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

004154: Oct 16 15:46:28.251 GMT: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

004155: Oct 16 15:46:28.251 GMT: ISAKMP:(0): sending packet to 1.2.3.4 my_port 500 peer_port 500 (I) MM_NO_STATE


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.

Actions

This Discussion