ISAKMP Failing

Unanswered Question
Jan 4th, 2008
User Badges:

Hi Guys,


ISAKMP on one of my routers is faililng and im not too sure why. I have narrowed down what the issue may be


Jan 4 12:21:10: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0): sending packet to 208.50.119.163 my_port 500 peer_port 500 (I) MM_NO_STATE

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):peer does not do paranoid keepalives.


Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer 208.50.119.163)

Jan 4 12:21:10: ISAKMP: Unlocking IKE struct 0x81B0D524 for isadb_mark_sa_deleted(), count 0

Jan 4 12:21:10: ISAKMP: Deleting peer node by peer_reap for 208.50.119.163: 81B0D524

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):deleting node -884078831 error FALSE reason "IKE deleted"

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):deleting node 1613284320 error FALSE reason "IKE deleted"

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_DEST_SA


It seems as if we are sending a request to our peer but we do not receive one back.


I have checked the remote peer and it is configured correctly so im sure that is not the issue.


Doer anyone have any ideas?


Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
ajagadee Mon, 01/07/2008 - 09:05
User Badges:
  • Cisco Employee,

If this is all the debugs that you are seeing, then you are correct, looks like 208.50.119.163 is not responding to phase 1 of the IPSEC Tunnel.


What about the debugs on .163. If you are not seeing anything on the debugs, probably there is a firewall that is blocking UDP Port 500 towards .163. If you are seeing .163 respond, then could be a firewall that is blocking UDP Port 500 towards the router you initiated the connection.


Make sure the configuration is correct and there is no firewall or ACLs that are blocking UDP Port 500 and Protocol 50 (ESP).


I hope it helps.


Regards,

Arul

Actions

This Discussion