Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
0
Helpful
2
Replies

GetVPN GMs not finding KS via alternative interfaces.

ggalteroo
Level 1
Level 1

‎10-22-2009 05:26 AM - edited ‎02-21-2020 04:21 PM

Hello

The registration with the KS is ok during normal operation but when a topology change occurs, the GM is unable to start GDOI because the interface is down, for instance. The crypto map is applied to a second interface and we have reachability from loopback to loopback. The message I get is

%CRYPTO-4-GM_REGSTER_IF_DOWN: Can't start GDOI registeration as interface FastEthernet0/1 is down

If I remove the crypto map from the first interface, the whole process starts and I get registered right away. It does not run while the crypto map is on both interfaces.

Do you know what might be happening?

Thanks a lot!

Guido

Labels:
0 Helpful
2 Replies 2

htarra
Level 4
Level 4

‎10-28-2009 06:58 AM

You are hitting the bug ID CSCtb26955.

0 Helpful

ggalteroo
Level 1
Level 1
In response to htarra

‎02-18-2010 10:41 AM

Thanks!

A TAC case recently closed pointed to bug CSCtb13421. The release 12.4(15)T12 solved the problem.

Thanks again!

0 Helpful
Customers Also Viewed These Support Documents