Error bring up a GRE tunnel

Unanswered Question
Leo Laohoo Wed, 06/24/2009 - 18:42
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Richard Burts Wed, 06/24/2009 - 18:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I am not sure that this is cosmetic. The error indicates that your router received an ISAKMP message from its peer but the router does not have an SA that corresponds to it.

I have seen this error message when routers had established the IPSec and ISAKMP relationship (including SAs) and then one of the peers reboots. The peer who did not reboot continues to send ISAKMP packets but the router that did reboot no longer has an SA for that peer.

Is it possible that your router has recently rebooted when you see these messages?

Do the routers involved in this generally transmit traffic to each other successfully?

If it is still an active issue you might post the configs from both routers. It might also help to post the output from show crypto isakmp to display the SAs of both routers.




This Discussion