MM_NO_state

Unanswered Question
Apr 17th, 2008
User Badges:

I've set up a vpn tunnel ,when i enter the sh crypto isakmp sa command i get the message:

dst src

"peer IP" "my IP" state conn-id slot

MM_KEY_EXCH 2 0


and later i get this message


dst src

"peer IP" "my IP" state conn-id slot

MM_NO_state 2 0



the policy requirements are:


from the other peer side, they have a concentrator 3015,

Authentication

ESP/MD5/HMAC-128

Encryption

3DES-168


from my side i have a cisco router 805

and this is the policy that i have done:


Protection suite of priority 20

encryption algorithm:Three key triple DES

hash algorithm:Secure Hash Standard

authentication method: Pre-Shared Key

Diffie-Hellman group: #2 (1024 bit)

lifetime:86400 seconds, no volume limit


any solution please?





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Wed, 04/23/2008 - 06:17
User Badges:
  • Silver, 250 points or more

MM_KEY_EXCH and MM_NO_STATE are some of the states that may be displayed in the output of the show crypto isakmp sa command.

Meaning of the states you have mentioned:

1)MM_KEY_EXCH::

This message says that the peers have exchanged Diffie-Hellman public keys and have generated a shared secret. The ISAKMP SA remains unauthenticated.


2)MM_NO_STATE::

This message says that the ISAKMP SA has been created, but nothing else has happened yet. It is "larval" at this stage(there is no state at present).


For more info about the "show crypto isakmp sa command" refer the URL below:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_r1g.html#wp107407

Actions

This Discussion