IPSEC --> Phase 1 not coming up.

Unanswered Question
Sep 15th, 2008

I am trying to create an IPSEC but am currently not able to get the ISAKMP phase up. I have checked the keys and they are OK.

debug output**********

*Mar 4 07:02:43.373: ISAKMP: Error while processing SA request: Failed to initialize SA

*Mar 4 07:02:43.373: ISAKMP: Error while processing KMI message 0, error 2.

pbkk1093#

*Mar 4 07:03:13.833: ISAKMP:(2010):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 57.72.23.75)

*Mar 4 07:03:58.373: ISAKMP: Error while processing SA request: Failed to initialize SA

*Mar 4 07:05:58.373: ISAKMP:(0): SA request profile is (NULL)

*Mar 4 07:05:58.373: ISAKMP: Created a peer struct for 57.72.23.75, peer port 5

*Mar 4 07:05:58.373: ISAKMP: local port 500, remote port 500

*Mar 4 07:05:58.373: ISAKMP: set new node 0 to QM_IDLE

*Mar 4 07:05:58.373: ISAKMP: Find a dup sa in thdebug crypto isakmp e avl tree during calling isadb_insert sa = 83F0BB84

*Mar 4 07:05:58.373: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

*Mar 4 07:05:58.373: ISAKMP:(0):found peer pre-shared key matching 57.72.23.75

*Mar 4 07:05:58.373: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

*Mar 4 07:05:58.373: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

*Mar 4 07:05:58.373: ISAKMP:(0): beginning Main Mode exchange

*Mar 4 07:05:58.373: ISAKMP:(0): sending packet to 57.72.23.75 my_port 500 peer_port 500 (I) MM_NO_STATE

*Mar 4 07:05:59.133: ISAKMP (0:0): received packet from 57.72.23.75 dport 500 sport 500 Global (I) MM_NO_STATE

*Mar 4 07:05:59.133: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Mar 4 07:05:59.133: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2

*Mar 4 07:05:59.133: ISAKMP:(0): processing SA payload. message ID = 0

*Mar 4 07:05:59.133: ISAKMP:(0): processing vendor id payload

*Mar 4 07:05:59.133: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismat

*Mar 4 07:05:59.137: ISAKMP: encryption 3DES-CBC

*Mar 4 07:05:59.137: ISAKMP: default group 1

*Mar 4 07:05:59.137: ISAKMP: auth pre-share

*Mar 4 07:05:59.137: ISAKMP: life type in seconds

*Mar 4 07:05:59.137: ISAKMP: life duration (basic) of 28800

*Mar 4 07:05:59.137: ISAKMP:(0):atts are acceptable. Next payload is 0

*Mar 4 07:05:59.137: ISAKMP:(0): processing vendor id payload

*Mar 4 07:05:59.137: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismat

*Mar 4 07:05:59.137: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2

*Mar 4 07:05:59.137: ISAKMP:(0): sending packet to 57.72.23.75 my_port 500 peer_port 500 (I) MM_SA_SETUP

*Mar 4 07:05:59.137: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Mar 4 07:05:59.137: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3

*Mar 4 07:05:59.369: ISAKMP (0:0): received packet from 57.72.23.75 dport 500 sport 500 Global (I) MM_SA_SETUP

*Mar 4 07:05:59.369: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Mar 4 07:05:59.369: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4

*Mar 4 07:05:59.369: ISAKMP:(0): processing KE payload. message ID = 0

*Mar 4 07:05:59.373: ISAKMP:(0): processing NONCE payload. message ID = 0

*Mar 4 07:05:59.373: ISAKMP:(0):found peer pre-shared key matching 57.72.23.75

*Mar 4 07:05:59.373: ISAKMP:(2013): processing vendor id payload

*Mar 4 07:05:59.373: ISAKMP:(2013): vendor ID is Unity

*Mar 4 07:05:59.373: ISAKMP:(2013): processing vendor id payload

*Mar 4 07:05:59.373: ISAKMP:(2013): vendor ID is DPD

*Mar 4 07:05:59.373: ISAKMP:(2013): processing vendor id payload

*Mar 4 07:05:59.377: ISAKMP:(2013): speaking to another IOS box!

*Mar 4 07:05:59.377: ISAKMP:received payload type 20

*Mar 4 07:05:59.377: ISAKMP (0:2013): NAT found, the node inside NAT

*Mar 4 07:05:59.377: ISAKMP:received payload type 20

*Mar 4 07:05:59.377: ISAKMP:(2013):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_


Marwan ALshawi Tue, 09/16/2008 - 04:31

Have you configured NAT exemption?

Can you post the config?

singhsaju Tue, 09/16/2008 - 12:20

Can you explain your setup?


The following log indicates NAT in between the devices:


Mar 4 07:05:59.377: ISAKMP (0:2013): NAT found, the node inside NAT
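
An added example, not part of the original thread: a small Python triage script that reduces `debug crypto isakmp` output like the above to the Main Mode state path, any SA deletions, and the NAT detection result. The sample lines are constructed from the debug output in the question with the terminal wrapping rejoined; the function and field names are this example's own.

```python
import re

# Constructed sample: lines taken from the debug output in the question,
# with the terminal line-wrapping rejoined.
SAMPLE = """\
*Mar 4 07:03:13.833: ISAKMP:(2010):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 57.72.23.75)
*Mar 4 07:05:58.373: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
*Mar 4 07:05:59.133: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Mar 4 07:05:59.137: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Mar 4 07:05:59.137: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Mar 4 07:05:59.369: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Mar 4 07:05:59.377: ISAKMP (0:2013): NAT found, the node inside NAT
"""

STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
DELETED = re.compile(r'deleting SA reason "([^"]+)" state \(\w\) (\S+) \(peer ([\d.]+)\)')
NAT = re.compile(r"NAT found, (.+)")


def summarize(debug_text):
    """Reduce 'debug crypto isakmp' output to the facts needed for triage."""
    path, deleted, nat = [], [], None
    for line in debug_text.splitlines():
        if m := STATE.search(line):
            old, new = m.groups()
            if not path:
                path.append(old)          # starting state of the exchange
            if new != path[-1]:
                path.append(new)          # skip self-transitions (MM2 -> MM2)
        elif m := DELETED.search(line):
            deleted.append(m.groups())    # (reason, state at deletion, peer)
        elif m := NAT.search(line):
            nat = m.group(1).strip()
    return {"path": path, "last_state": path[-1] if path else None,
            "deleted": deleted, "nat": nat}


if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("state path :", " -> ".join(result["path"]))
    for reason, state, peer in result["deleted"]:
        print(f"SA deleted : {reason!r} in {state} (peer {peer})")
    if result["nat"]:
        # RFC 3947: after NAT is detected, IKE continues on UDP 4500,
        # so that port must be allowed between the peers as well as UDP 500.
        print("NAT        :", result["nat"], "- check UDP 4500 on the path")
```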


