Interpreting debug crypto isakmp

Unanswered Question
Oct 19th, 2008

Is anyone aware of a link where one can reference what configuration line is missing from the firweall when running a "debug crypto isakmp 250"

Yesterday I lost all my tunnels, ran this debug and got the following:

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1]: IKE receiver: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:03 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

I am looking to explain the above debug results as well as a link that will associate a debug output with what's missing in a config.

any idea?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Sun, 10/19/2008 - 13:18

Hello Roni,

Looks like you are running into Bug ID CSCsk44832.

Please use the below URL to look up the bug id and the version that has the fix.

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Also, link to the release notes for 7.2 code.

http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn724.html

Regards,

Arul

** Please rate all helpful posts **

Actions

This Discussion