PIX site to site vpn issues

Answered Question
Feb 19th, 2009


My IPSEC VPN tunnel between two pix's has gone down and after trying

the normal reboots I attached a syslog to one end and got a ipsec

isakmp phase 1 retransmit message

cisco doesnt really explain the causes of this.

Does anyone have any ideas what this means ? or the causes ?

I have attached both configs



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
handley88 Sat, 02/21/2009 - 05:39

Im still having problems.

here is the debug output requested.

I noticed this line in the debug

crypto_isakmp_process_block:src:, dest:Local IP of PIX spt:50996 dpt:500

The IP seems to below to BT, is this normal ?



handley88 Tue, 02/24/2009 - 03:35

Hi, I have checked the above with no luck. could a nat/router problem cause that output ?

also what does this line mean ?

crypto_isakmp_process_block:src:, dest: a.a.a.a spt:50996 dpt:500

Many Thanks


handley88 Thu, 02/26/2009 - 03:47

Thanks, I think the actual config's are ok so im going to try swapping the router.

handley88 Fri, 02/27/2009 - 01:47

hi, changed the router over and now receive this error

ISAKMP (0): speaking to another IOS box!

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match MINE

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match HIS hash


handley88 Thu, 03/05/2009 - 05:31

Thanks for all your help.

The issue was that the remote boarder router although in its config said it was not doing any NAT it actually was. As soon as the router was swapped out the tunnel came back up.



This Discussion