06-24-2009 06:35 PM - edited 03-04-2019 05:14 AM
Hey all I am trying to bring up a tunnel between to 871s and I having an issue. The tunnel is up and up but I am getting this error.
%CRYPTO-4-IKMP_NO_SA: IKE message from 75.144.6.93 has no SA and is not an initialization offer
any thoughts
06-24-2009 06:42 PM
What IOS version are you running? Could be cosmetic, but try this:
Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions
or
Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions
Hope this helps.
06-24-2009 06:47 PM
running c870-advipservicesk9-mz.124-15.T7
I will look over the links and let you know what I find. thanxs
06-24-2009 06:59 PM
Jerold
I am not sure that this is cosmetic. The error indicates that your router received an ISAKMP message from its peer but the router does not have an SA that corresponds to it.
I have seen this error message when routers had established the IPSec and ISAKMP relationship (including SAs) and then one of the peers reboots. The peer who did not reboot continues to send ISAKMP packets but the router that did reboot no longer has an SA for that peer.
Is it possible that your router has recently rebooted when you see these messages?
Do the routers involved in this generally transmit traffic to each other successfully?
If it is still an active issue you might post the configs from both routers. It might also help to post the output from show crypto isakmp to display the SAs of both routers.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: