Interpreting debug crypto isakmp

Unanswered Question
Oct 19th, 2008
User Badges:

Is anyone aware of a link where one can reference what configuration line is missing from the firweall when running a "debug crypto isakmp 250"


Yesterday I lost all my tunnels, ran this debug and got the following:


Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1]: IKE receiver: Local unit is failover enabled but is not currently active.

Oct 18 17:09:02 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 18 17:09:02 [IKEv1]: IKE initiator: Local unit is failover enabled but is not currently active.

Oct 18 17:09:03 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0


I am looking to explain the above debug results as well as a link that will associate a debug output with what's missing in a config.


any idea?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Sun, 10/19/2008 - 13:18
User Badges:
  • Cisco Employee,

Hello Roni,


Looks like you are running into Bug ID CSCsk44832.


Please use the below URL to look up the bug id and the version that has the fix.


http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs


Also, link to the release notes for 7.2 code.


http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn724.html


Regards,

Arul


** Please rate all helpful posts **

Actions

This Discussion