VPN IPSEC what is mean Find a dup sa in the avl tree

Unanswered Question
Mar 16th, 2010
User Badges:

I am working on on VPN ISSUE:


I did  a crypto isakmp and ipsec to troubleshoot, i got this:


Mar 16 00:46:05 PDT: IPSEC(sa_request): ,                                                                  


  (key eng. msg.) OUTBOUND local= 210.183.54.250, remote= 53.236.33.80,                                    


    local_proxy= 122.216.224.0/255.255.254.0/0/0 (type=4),                                                 


    remote_proxy= 53.236.33.96/255.255.255.224/0/0 (type=4),                                               


    protocol= ESP, transform= esp-3des esp-md5-hmac ,                                                      


    lifedur= 3600s and 4608000kb,                                                                          


    spi= 0xE2ECF6A1(3807180449), conn_id= 0, keysize= 0, flags= 0x400A                                     


Mar 16 00:46:05 PDT: ISAKMP: local port 500, remote port 500                                               


Mar 16 00:46:05 PDT: ISAKMP: set new node 0 to QM_IDLE                                                     


Mar 16 00:46:05 PDT: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 47DA6958       


Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):Can not start Aggressive mode, trying Main mode.                    


Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):found peer pre-shared key matching 53.236.33.80                     


Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2): constructed NAT-T vendor-03 ID                                     


Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2): constructed NAT-T vendor-02 ID                                     


Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM                          


Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):Old State = IKE_READY  New State = IKE_I_MM1            


What does mean         Find a dup sa in the avl tree during calling isadb_insert sa = 47DA6958    ?



thanks


Dominique

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dcoulanges Tue, 03/16/2010 - 12:29
User Badges:

I got also

Mar 16 00:46:35 PDT: IPSEC(key_engine): request timer fired: count = 1,                                   


  (identity) local= 209.183.54.250, remote= 63.236.33.80,                                                  


    local_proxy= 166.216.224.0/255.255.254.0/0/0 (type=4),                                                 

   remote_proxy= 63.236.33.96/255.255.255.224/0/0 (type=4)                                                


Why is asking to request timer fired: count = 1, 

dcoulanges Tue, 03/16/2010 - 12:30
User Badges:

and i got at the end



Mar 16 00:47:05 PDT: IPSEC(key_engine): request timer fired: count = 2,                                    

  (identity) local= 209.183.54.250, remote= 63.236.33.80,                                                  

    local_proxy= 166.216.224.0/255.255.254.0/0/0 (type=4),                                                 

    remote_proxy= 63.236.33.96/255.255.255.224/0/0 (type=4)                                                

Mar 16 00:47:05 PDT: ISAKMP:(0:9:HW:2):peer does not do paranoid keepalives.                               

Actions

This Discussion