VPN Tunnel issue

Unanswered Question
May 17th, 2010
User Badges:

I am having issue in VPN tunnels. This setup was working fine from quite time but today i faced that both VPN tunnels were down. below is the logs during issue..


Image and platform is given here




cisco 3745 (R7000) processor

Image: c3745-ik9s-mz.122-15T8.bin



EIB3745(config)#logg monitor

EIB3745(config)#

May 17 08:48:55.432: ISAKMP (0:1032): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATEend

EIB3745#

May 17 08:48:58.115: %SYS-5-CONFIG_I: Configured from console by zkh95323 on vty1 (10.128.4.39)

May 17 08:49:05.434: ISAKMP (0:1032): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

EIB3745#

May 17 08:49:15.435: ISAKMP (0:1032): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATEconf t

Enter configuration commands, one per line. End with CNTL/Z.

EIB3745(config)#int tu1

EIB3745(config-if)#shut

EIB3745(config-if)#

May 17 08:49:25.433: ISAKMP (0:1032): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

EIB3745(config-if)#

EIB3745(config-if)#

EIB3745(config-if)#

EIB3745(config-if)#

May 17 08:49:28.924: %LINK-5-CHANGED: Interface Tunnel1, changed state to administratively down

May 17 08:49:29.924: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to downno shut

EIB3745(config-if)#

EIB3745(config-if)#

EIB3745(config-if)#

EIB3745(config-if)#

EIB3745(config-if)#

May 17 08:49:34.771: %LINK-3-UPDOWN: Interface Tunnel1, changed state to up

May 17 08:49:35.419: ISAKMP (0:1032): purging node 1299527341

May 17 08:49:35.435: ISAKMP (0:1032): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

EIB3745(config-if)#

EIB3745(config-if)#

May 17 08:49:35.771: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up

May 17 08:49:37.771: ISAKMP: received ke message (1/1)

May 17 08:49:37.771: ISAKMP (0:0): SA request profile is (NULL)

May 17 08:49:37.771: ISAKMP: local port 500, remote port 500

May 17 08:49:37.771: ISAKMP: set new node 0 to QM_IDLE

May 17 08:49:37.771: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 63EAD5E0

May 17 08:49:37.771: ISAKMP (0:1033): Can not start Aggressive mode, trying Main mode.

May 17 08:49:37.771: ISAKMP: Looking for a matching key for 10.191.8.69 in default : success

May 17 08:49:37.771: ISAKMP (0:1033): found peer pre-shared key matching 10.191.8.69

May 17 08:49:37.771: ISAKMP (0:1033): constructed NAT-T vendor-03 ID

May 17 08:49:37.771: ISAKMP (0:1033): constructed NAT-T vendor-02 ID

May 17 08:49:37.771: ISAKMP (0:1033): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

May 17 08:49:37.771: ISAKMP (0:1033): Old State = IKE_READY New State = IKE_I_MM1

May 17 08:49:37.771: ISAKMP (0:1033): beginning Main Mode exchange

May 17 08:49:37.771: ISAKMP (0:1033): sending packet to 10.191.8.69 my_port 500 peer_port 500 (I) MM_NO_STATE

May 17 08:49:37.771: ISAKMP: received ke message (3/1)

May 17 08:49:37.771: ISAKMP (0:1033): peer does not do paranoid keepalives.

May 17 08:49:37.771: ISAKMP (0:1033): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_NO_STATE (peer 10.191.8.69) input queue 0

May 17 08:49:37.771: ISAKMP (0:1032): peer does not do paranoid keepalives.

May 17 08:49:37.771: ISAKMP (0:1033): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_NO_STATE (peer 10.191.8.69) input queue 0

May 17 08:49:37.771: ISAKMP (0:1033): deleting node -1844286488 error TRUE reason "gen_ipsec_isakmp_delete but doi isakmp"

May 17 08:49:37.771: ISAKMP (0:1033): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

May 17 08:49:37.771: ISAKMP (0:1033): Old State = IKE_I_MM1 New State = IKE_DEST_SA

May 17 08:49:37.775: ISAKMP (0:1033): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

May 17 08:49:45.417: ISAKMP (0:1032): purging SA., sa=64D50144, delme=64D50144

May 17 08:49:47.776: ISAKMP (0:1033): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

May 17 08:49:57.774: ISAKMP (0:1033): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

May 17 08:50:07.776: ISAKMP (0:1033): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

May 17 08:50:17.773: ISAKMP (0:1033): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

May 17 08:50:27.759: ISAKMP (0:1033): purging node -1844286488

May 17 08:50:27.775: ISAKMP (0:1033): received packet from 10.191.8.69 dport 500 sport 500 Global (I) MM_NO_STATE

May 17 08:50:37.757: ISAKMP (0:1033): purging SA., sa=63EAD5E0, delme=63EAD5E0

Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion