VPN under NAT - 2 routers same config. 1 works the other no

Unanswered Question
Mar 12th, 2008
User Badges:
  • Bronze, 100 points or more

I have two routers working with DMVPN, they are both connecting to a HUB vpn gateway. The spokes are both under NAT to access internet, the configuration is the same but in one the vpn works in the other no.


Here below is the output from the "bad" router. it goes all well until the end when it says "Old State=IKE_I_MM4 New State = IKE_I_MM5"


In the "good" router is says""Old State=IKE_I_MM4 New State = IKE_P1_COMPLETE"


All the other lines that come before that are the equals in debug.


Anyone know whats can be going on?


*Mar 12 13:22:44.080: ISAKMP:(1023):Send initial contact

*Mar 12 13:22:44.080: ISAKMP:(1023):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

*Mar 12 13:22:44.080: ISAKMP (0:1023): ID payload

next-payload : 8

type : 1

address : 192.168.201.100

protocol : 17

port : 0

length : 12

*Mar 12 13:22:44.084: ISAKMP:(1023):Total payload length: 12

*Mar 12 13:22:44.084: crypto_engine: Generate IKE hash

*Mar 12 13:22:44.084: crypto_engine: Encrypt IKE packet

*Mar 12 13:22:44.084: ISAKMP:(1023): sending packet to 189.39.4.132 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH

*Mar 12 13:22:44.084: ISAKMP:(1023):Sending an IKE IPv4 Packet.

*Mar 12 13:22:44.084: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Mar 12 13:22:44.084: ISAKMP:(1023):Old State = IKE_I_MM4 New State = IKE_I_MM5

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
guibarati Tue, 03/18/2008 - 07:33
User Badges:
  • Bronze, 100 points or more

Thanks, but I have already issued that and everything goes exactly the same until the last line, that changes the mmstate from 4 to 5 in the bad router, and from 4 to complete in the good router.

Actions

This Discussion