VPN SPA Problem

griever060684
Level 1

Hi,

We are new users of CISCO VPN SPA. We are currently trying to establish a Site-to-Site VPN connection with one of our clients and we are having a hard time connecting it. The following are the logs on the debug mode of the router. Any idea what is causing this problem?

Oct 27 11:20:18.012: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= <*.*.*.*>, remote= <*.*.*.*>,
    local_proxy= 192.168.145.54/255.255.255.255/0/0 (type=1),
    remote_proxy= 172.20.46.29/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= NONE (Tunnel),
    lifedur= 190s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Oct 27 11:20:18.012: ISAKMP:(0): SA request profile is CBCPROFILE
Oct 27 11:20:18.012: ISAKMP: Created a peer struct for <*.*.*.*>, peer port 500
Oct 27 11:20:18.012: ISAKMP: New peer created peer = 0x4561D640 peer_handle = 0x800000B2
Oct 27 11:20:18.012: ISAKMP: Locking peer struct 0x4561D640, refcount 1 for isakmp_initiator
Oct 27 11:20:18.012: ISAKMP: local port 500, remote port 500
Oct 27 11:20:18.016: ISAKMP: set new node 0 to QM_IDLE
Oct 27 11:20:18.016: insert sa successfully sa = 492FB734
Oct 27 11:20:18.016: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 27 11:20:18.016: ISAKMP:(0): constructed NAT-T vendor-07 ID
Oct 27 11:20:18.016: ISAKMP:(0): constructed NAT-T vendor-03 ID
Oct 27 11:20:18.016: ISAKMP:(0): constructed NAT-T vendor-02 ID
Oct 27 11:20:18.016: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 27 11:20:18.016: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Oct 27 11:20:18.016: ISAKMP:(0): beginning Main Mode exchange
Oct 27 11:20:18.016: ISAKMP:(0): sending packet to <*.*.*.*> my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 27 11:20:18.088: ISAKMP (0): received packet from <*.*.*.*> dport 500 sport 500 SSHWWW (I) MM_NO_STATE
Oct 27 11:20:18.088: ISAKMP:(0):Couldn't find node: message_id -2086833778
Oct 27 11:20:18.088: ISAKMP (0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1
Oct 27 11:20:18.088: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Oct 27 11:20:18.088: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM1
Oct 27 11:20:18.088: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at <*.*.*.*>
Oct 27 11:20:28.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Oct 27 11:20:28.016: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 27 11:20:28.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Oct 27 11:20:28.016: ISAKMP:(0): sending packet to <*.*.*.*> my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 27 11:20:38.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
Oct 27 11:20:38.016: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 27 11:20:38.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
Oct 27 11:20:38.016: ISAKMP:(0): sending packet to <*.*.*.*> my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 27 11:20:48.011: IPSEC(key_engine): request timer fired: count = 1,
  (identity) local= <*.*.*.*>, remote= <*.*.*.*>,
    local_proxy= 192.168.145.54/255.255.255.255/0/0 (type=1),
    remote_proxy= 172.20.46.29/255.255.255.255/0/0 (type=1)
Oct 27 11:20:48.011: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= <*.*.*.*>, remote= <*.*.*.*>,
    local_proxy= 192.168.145.54/255.255.255.255/0/0 (type=1),
    remote_proxy= 172.20.46.29/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= NONE (Tunnel),
    lifedur= 190s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Oct 27 11:20:48.011: ISAKMP: set new node 0 to QM_IDLE
Oct 27 11:20:48.011: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local <*.*.*.*>, remote <*.*.*.*>)
Oct 27 11:20:48.011: ISAKMP: Error while processing SA request: Failed to initialize SA
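
An added example, not part of the thread: a short Python script that walks ISAKMP debug output like the log above and reports the last IKE state reached, the state in which peer notifies arrived, the retransmit count and the errors logged. The sample lines are copied from the question; the function and field names are this example's own.

```python
import re

# Lines copied from the debug output in the question (addresses were already masked).
SAMPLE = """\
Oct 27 11:20:18.016: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 27 11:20:18.016: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Oct 27 11:20:18.088: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Oct 27 11:20:18.088: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM1
Oct 27 11:20:18.088: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at <*.*.*.*>
Oct 27 11:20:28.016: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 27 11:20:38.016: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 27 11:20:48.011: ISAKMP: Error while processing SA request: Failed to initialize SA
"""

STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
INPUT = re.compile(r"Input = (\S+), (\S+)")
RETRY = re.compile(r"attempt (\d+) of (\d+): retransmit phase 1")
SYSLOG = re.compile(r"%(CRYPTO-\d-\w+):")

def summarize(log):
    """Walk IOS ISAKMP debug lines and report where phase 1 stalled."""
    out = {"state": None, "transitions": [], "peer_notifies": [],
           "retransmits": 0, "syslog": [], "errors": []}
    for line in log.splitlines():
        if m := INPUT.search(line):
            # Record a notify from the peer together with the state we were in.
            if m.group(1) == "IKE_MESG_FROM_PEER" and m.group(2) == "IKE_INFO_NOTIFY":
                out["peer_notifies"].append(out["state"])
        if m := STATE.search(line):
            old, new = m.groups()
            if old != new:  # ignore "transitions" that stay in the same state
                out["transitions"].append((old, new))
            out["state"] = new
        if m := RETRY.search(line):
            out["retransmits"] = max(out["retransmits"], int(m.group(1)))
        if m := SYSLOG.search(line):
            out["syslog"].append(m.group(1))
        if "Error while processing SA request" in line:
            out["errors"].append(line.split(": ", 2)[-1])
    return out

def phase1_completed(summary):
    # IOS logs IKE_P1_COMPLETE as the new state once Main Mode finishes.
    return any(new == "IKE_P1_COMPLETE" for _, new in summary["transitions"])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the excerpt, the summary shows that the negotiation never left IKE_I_MM1: a notify from the peer arrived while the router was in that state, and the router retransmitted twice before the SA request failed.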


griever060684
Level 1

Here is the Config for this particular peer:

Peer is Checkpoint.

crypto keyring CBCKEY
 pre-shared-key address *.*.*.* key ********
crypto ipsec transform-set CBCTRANS esp-3des esp-md5-hmac
crypto isakmp profile CBCPROFILE
 vrf CBCVPN
 keyring CBCKEY
 match identity address *.*.*.* 255.255.255.255
crypto map CBCMAP 2 ipsec-isakmp
 set peer *.*.*.*
 set security-association lifetime seconds 190
 set transform-set CBCTRANS
 set isakmp-profile CBCPROFILE
 match address CBCACL
ip access-list extended CBCACL
 permit ip host ******* host *.*.*.*
 permit ip host 172.20.46.29 host 192.168.145.54
 permit ip host 192.168.145.54 host 172.20.46.29
 permit ip host *.*.*.* host *******
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2

We are sure that we both have the same IKE parameters set.