isakmp failing at phase 1 negotiation?

sitelsepiroth
Level 1

Hi,

I am trying to bring up a site2site VPN tunnel, but it looks like phase 1 is failing.

Can someone please take a look?

Thanks

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0):Looking for a matching key for 203.200.xxx.xxx in default

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): : success

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 203.200.xxx.xxx

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange

*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE

*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer 203.200.xxx.xxx)

*Nov 4 20:56:36.221: ISAKMP: Unlocking IKE struct 0x43711B80 for isadb_mark_sa_deleted(), count 0

*Nov 4 20:56:36.221: ISAKMP: Deleting peer node by peer_reap for 203.200.xxx.xxx: 43711B80

*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):deleting node 1146726567 error FALSE reason "IKE deleted"

*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):deleting node -2133103557 error FALSE reason "IKE deleted"

*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_DEST_SA

*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):purging SA., sa=43716E60, delme=43716E60

*Nov 4 20:56:36.221: IPSEC(key_engine): got a queue event with 1 kei messages

*Nov 4 20:56:46.221: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...

*Nov 4 20:56:46.221: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

*Nov 4 20:56:46.221: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE

*Nov 4 20:56:46.221: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE

*Nov 4 20:56:56.221: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...

*Nov 4 20:56:56.221: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1

*Nov 4 20:56:56.221: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE

*Nov 4 20:56:56.221: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE

*Nov 4 20:57:06.213: IPSEC(key_engine): request timer fired: count = 1,

(identity) local= 119.111.xxx.xxx, remote= 203.200.xxx.xxx,

local_proxy= 10.10.0.0/255.255.240.0/0/0 (type=4),

remote_proxy= 10.126.1.14/255.255.255.255/0/0 (type=1)

*Nov 4 20:57:06.213: IPSEC(sa_request): ,

(key eng. msg.) OUTBOUND local= 119.111.xxx.xxx, remote= 203.200.xxx.xxx,

local_proxy= 10.10.0.0/255.255.240.0/0/0 (type=4),

remote_proxy= 10.126.1.14/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),

lifedur= 3600s and 4608000kb,

spi= 0x712A5AF7(1898601207), conn_id= 0, keysize= 0, flags= 0x400A

*Nov 4 20:57:06.213: ISAKMP: received ke message (1/1)

*Nov 4 20:57:06.213: ISAKMP: set new node 0 to QM_IDLE

*Nov 4 20:57:06.213: ISAKMP:(0:0:N/A:0):SA is still budding. Attached new ipsec request to it. (local 119.111.xxx.xxx, remote 203.200.xxx.xxx)

*Nov 4 20:57:06.221: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...

*Nov 4 20:57:06.221: ISAKMP (0:0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1

*Nov 4 20:57:06.221: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE

*Nov 4 20:57:06.221: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE

2 Replies

ajagadee
Cisco Employee

Hi,

What is the 203.200.xxx.xxx address? It looks like your VPN server is sending UDP port 500 packets to the remote 203.200.xxx.xxx and not getting any kind of response. Do you know if UDP port 500 is blocked on the remote side?

Do you have a copy of the configurations from both the VPN servers?

Regards,

Arul

*Pls rate if it helps*
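
Added example, not part of the thread or any poster's code: a small Python triage of `debug crypto isakmp` output like the log in the question, counting sends, replies and retransmits to show whether the initiator ever heard back from the peer. The sample lines are constructed from the posted format, and the `received packet from` pattern is an assumption, since no such line appears in the posted log.

```python
import re

# Constructed sample in the format of the log posted above (peer masked as on the page).
SAMPLE = """\
*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Nov 4 20:56:36.217: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
*Nov 4 20:56:36.221: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer 203.200.xxx.xxx)
*Nov 4 20:56:46.221: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Nov 4 20:56:46.221: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
*Nov 4 20:56:56.221: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Nov 4 20:56:56.221: ISAKMP:(0:0:N/A:0): sending packet to 203.200.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
"""

# Patterns for IOS "debug crypto isakmp" lines; the "received packet from"
# wording is an assumption, since no such line appears in the posted log.
SEND = re.compile(r"sending packet to (\S+) my_port (\d+) peer_port (\d+) \([IR]\) (\S+)")
RECV = re.compile(r"received packet from (\S+)")
STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
RETRY = re.compile(r"attempt (\d+) of (\d+): retransmit phase 1")
DELETE = re.compile(r'deleting SA reason "([^"]+)"')

def summarize(log_text):
    """Reduce an ISAKMP debug log to the facts needed to triage phase 1."""
    s = {"sent": 0, "received": 0, "peer_ports": set(), "send_states": set(),
         "transitions": [], "max_retry": 0, "delete_reasons": []}
    for line in log_text.splitlines():
        if m := SEND.search(line):
            s["sent"] += 1
            s["peer_ports"].add(int(m.group(3)))
            s["send_states"].add(m.group(4))
        elif RECV.search(line):
            s["received"] += 1
        elif m := STATE.search(line):
            s["transitions"].append((m.group(1), m.group(2)))
        elif m := RETRY.search(line):
            s["max_retry"] = max(s["max_retry"], int(m.group(1)))
        elif m := DELETE.search(line):
            s["delete_reasons"].append(m.group(1))
    return s

def verdict(s):
    """Classify where phase 1 stopped, from the initiator's point of view."""
    if s["sent"] and not s["received"] and s["send_states"] == {"MM_NO_STATE"}:
        return "no_reply_to_first_main_mode_packet"
    if s["received"] and s["max_retry"]:
        return "peer_replied_but_exchange_stalled"
    return "inconclusive"

print(verdict(summarize(SAMPLE)))
```

A `no_reply_to_first_main_mode_packet` result is the pattern that makes UDP 500 reachability and the peer's configuration the first things to check, as the reply above asks.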

j.bourque
Level 1

Just saw the last question posted. Config would def. help.
