sh run Building configuration... Current configuration : 4537 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname vg224 ! boot-start-marker boot system slot0:vg224-i6k9s-mz.124-15.T5.bin boot-end-marker ! enable secret 5 $1$wJbv$6SsvWWa6TspC6NmwuF3vh1 ! no aaa new-model ! ! no ip domain lookup ! ! ! stcapp ccm-group 1 stcapp ! stcapp feature access-code ! stcapp feature speed-dial ! ! voice-card 0 ! ! ! voice service voip fax protocol pass-through g711alaw modem passthrough nse codec g711alaw ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 3600 crypto isakmp key cisco address 10.100.64.11 crypto isakmp key cisco address 10.100.64.12 ! ! crypto ipsec transform-set CUCM esp-3des esp-md5-hmac ! crypto map CUCM 1 ipsec-isakmp set peer 10.100.64.11 set transform-set CUCM match address 101 crypto map CUCM 2 ipsec-isakmp set peer 10.100.64.12 set transform-set CUCM match address 102 ! archive log config hidekeys ! ! ! ! ! interface FastEthernet0/0 ip address 10.222.101.127 255.255.255.0 duplex auto speed auto crypto map CUCM ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 10.222.101.1 ! ip http server no ip http secure-server ! access-list 101 permit ip host 10.222.101.127 host 10.100.64.11 access-list 102 permit ip host 10.222.101.127 host 10.100.64.12 snmp-server community readtest RO ! ! control-plane ! ! ! voice-port 2/0 cptone DE timeouts ringing infinity timing hookflash-in 300 200 caller-id enable ! voice-port 2/1 cptone DE timeouts ringing infinity ! voice-port 2/2 cptone DE timeouts ringing infinity ! voice-port 2/3 cptone DE timeouts ringing infinity ! voice-port 2/4 cptone DE timeouts ringing infinity ! voice-port 2/5 cptone DE timeouts ringing infinity ! voice-port 2/6 cptone DE timeouts ringing infinity ! voice-port 2/7 cptone DE timeouts ringing infinity ! voice-port 2/8 cptone DE timeouts ringing infinity ! voice-port 2/9 cptone DE timeouts ringing infinity ! voice-port 2/10 cptone DE timeouts ringing infinity ! voice-port 2/11 cptone DE timeouts ringing infinity ! voice-port 2/12 cptone DE timeouts ringing infinity ! voice-port 2/13 cptone DE timeouts ringing infinity ! voice-port 2/14 cptone DE timeouts ringing infinity ! voice-port 2/15 cptone DE timeouts ringing infinity ! voice-port 2/16 cptone DE timeouts ringing infinity ! voice-port 2/17 cptone DE timeouts ringing infinity ! voice-port 2/18 cptone DE timeouts ringing infinity ! voice-port 2/19 cptone DE timeouts ringing infinity ! voice-port 2/20 cptone DE timeouts ringing infinity ! voice-port 2/21 cptone DE timeouts ringing infinity ! voice-port 2/22 cptone DE timeouts ringing infinity ! voice-port 2/23 cptone DE timeouts ringing infinity ! ! ! sccp local FastEthernet0/0 sccp ccm 10.100.64.12 identifier 10 sccp ccm 10.100.64.11 identifier 20 sccp ! sccp ccm group 1 associate ccm 10 priority 1 associate ccm 20 priority 2 ! ! dial-peer voice 100 pots ! dial-peer voice 200 pots service stcapp port 2/0 ! dial-peer voice 201 pots service stcapp port 2/1 ! dial-peer voice 202 pots service stcapp port 2/2 ! dial-peer voice 203 pots service stcapp port 2/3 ! dial-peer voice 204 pots service stcapp port 2/4 ! dial-peer voice 205 pots service stcapp port 2/5 ! dial-peer voice 206 pots service stcapp port 2/6 ! dial-peer voice 207 pots service stcapp port 2/7 ! dial-peer voice 208 pots service stcapp port 2/8 ! dial-peer voice 209 pots service stcapp port 2/9 ! dial-peer voice 210 pots service stcapp port 2/10 ! dial-peer voice 211 pots service stcapp port 2/11 ! dial-peer voice 212 pots service stcapp port 2/12 ! dial-peer voice 213 pots service stcapp port 2/13 ! dial-peer voice 214 pots service stcapp port 2/14 ! dial-peer voice 215 pots service stcapp port 2/15 ! dial-peer voice 216 pots service stcapp port 2/16 ! dial-peer voice 217 pots service stcapp port 2/17 ! dial-peer voice 218 pots service stcapp port 2/18 ! dial-peer voice 219 pots service stcapp port 2/19 ! dial-peer voice 220 pots service stcapp port 2/20 ! dial-peer voice 221 pots service stcapp port 2/21 ! dial-peer voice 222 pots service stcapp port 2/22 ! dial-peer voice 223 pots service stcapp port 2/23 ! ! ! ! line con 0 logging synchronous line aux 0 line vty 0 4 password test99test2008 logging synchronous login ! end vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224#! vg224#sh crypto isakmp sa IPv4 Crypto ISAKMP SA dst src state conn-id slot status 10.100.64.11 10.222.101.127 MM_NO_STATE 0 0 ACTIVE 10.100.64.11 10.222.101.127 MM_NO_STATE 0 0 ACTIVE (deleted) 10.100.64.12 10.222.101.127 MM_NO_STATE 0 0 ACTIVE 10.100.64.12 10.222.101.127 MM_NO_STATE 0 0 ACTIVE (deleted) IPv6 Crypto ISAKMP SA vg224# vg224#sh crypto ipsec sa interface: FastEthernet0/0 Crypto map tag: CUCM, local addr 10.222.101.127 protected vrf: (none) local ident (addr/mask/prot/port): (10.222.101.127/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.100.64.11/255.255.255.255/0/0) current_peer 10.100.64.11 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 328, #recv errors 0 local crypto endpt.: 10.222.101.127, remote crypto endpt.: 10.100.64.11 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0 current outbound spi: 0x0(0) inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: protected vrf: (none) local ident (addr/mask/prot/port): (10.222.101.127/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.100.64.12/255.255.255.255/0/0) current_peer 10.100.64.12 port 500 PERMIT, flags={origin_is_acl,ipsec_sa_request_sent} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 844, #recv errors 0 local crypto endpt.: 10.222.101.127, remote crypto endpt.: 10.100.64.12 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0 current outbound spi: 0x0(0) inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224#debug crypto isakmp Crypto ISAKMP debugging is on vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# *Mar 1 20:46:23.214: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:46:23.214: ISAKMP:(0):peer does not do paranoid keepalives. *Mar 1 20:46:23.214: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 10.100.64.11) *Mar 1 20:46:23.214: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 10.100.64.11) *Mar 1 20:46:23.214: ISAKMP: Unlocking peer struct 0x63D0AA78 for isadb_mark_sa_deleted(), count 0 *Mar 1 20:46:23.214: ISAKMP: Deleting peer node by peer_reap for 10.100.64.11: 63D0AA78 *Mar 1 20:46:23.214: ISAKMP:(0):deleting node -2098436914 error FALSE reason "IKE deleted" vg224# *Mar 1 20:46:23.214: ISAKMP:(0):deleting node -1921263527 error FALSE reason "IKE deleted" *Mar 1 20:46:23.214: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 1 20:46:23.214: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_DEST_SA vg224# *Mar 1 20:46:26.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:46:26.286: ISAKMP (0:0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Mar 1 20:46:26.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:46:26.286: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:46:26.286: ISAKMP:(0):Sending an IKE IPv4 Packet. *Mar 1 20:46:26.286: ISAKMP: set new node 0 to QM_IDLE *Mar 1 20:46:26.286: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.222.101.127, remote 10.100.64.12) vg224# *Mar 1 20:46:26.286: ISAKMP: Error while processing SA request: Failed to initialize SA *Mar 1 20:46:26.286: ISAKMP: Error while processing KMI message 0, error 2. vg224# *Mar 1 20:46:36.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:46:36.286: ISAKMP (0:0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Mar 1 20:46:36.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:46:36.286: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:46:36.286: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:46:43.214: ISAKMP:(0): SA request profile is (NULL) *Mar 1 20:46:43.214: ISAKMP: Created a peer struct for 10.100.64.11, peer port 500 *Mar 1 20:46:43.214: ISAKMP: New peer created peer = 0x62F16C14 peer_handle = 0x8000009E *Mar 1 20:46:43.214: ISAKMP: Locking peer struct 0x62F16C14, refcount 1 for isakmp_initiator *Mar 1 20:46:43.214: ISAKMP: local port 500, remote port 500 *Mar 1 20:46:43.214: ISAKMP: set new node 0 to QM_IDLE *Mar 1 20:46:43.218: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 632B4700 *Mar 1 20:46:43.218: ISAKMP:(0):Can not start Aggressive mode, trying Main mode. *Mar 1 20:46:43.218: ISAKMP:(0):found peer pre-shared key matching 10.100.64.11 *Mar 1 20:46:43.218: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID *Mar 1 20:46:43.218: ISAKMP:(0): constructed NAT-T vendor-07 ID *Mar 1 20:46:43.218: ISAKMP:(0): constructed NAT-T vendor-03 ID *Mar 1 20:46:43.218: ISAKMP:(0): constructed NAT-T vendor-02 ID vg224# *Mar 1 20:46:43.218: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Mar 1 20:46:43.218: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1 *Mar 1 20:46:43.218: ISAKMP:(0): beginning Main Mode exchange *Mar 1 20:46:43.218: ISAKMP:(0): sending packet to 10.100.64.11 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:46:43.218: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:46:46.130: ISAKMP:(0):purging node -1805004838 *Mar 1 20:46:46.130: ISAKMP:(0):purging node 131599258 *Mar 1 20:46:46.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:46:46.286: ISAKMP (0:0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Mar 1 20:46:46.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:46:46.286: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:46:46.286: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:46:53.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:46:53.218: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Mar 1 20:46:53.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:46:53.218: ISAKMP:(0): sending packet to 10.100.64.11 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:46:53.218: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:46:56.130: ISAKMP:(0):purging SA., sa=62B658B4, delme=62B658B4 *Mar 1 20:46:56.286: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:46:56.286: ISAKMP:(0):peer does not do paranoid keepalives. *Mar 1 20:46:56.286: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 10.100.64.12) *Mar 1 20:46:56.286: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 10.100.64.12) *Mar 1 20:46:56.286: ISAKMP: Unlocking peer struct 0x63D0AE34 for isadb_mark_sa_deleted(), count 0 *Mar 1 20:46:56.286: ISAKMP: Deleting peer node by peer_reap for 10.100.64.12: 63D0AE34 vg224# *Mar 1 20:46:56.286: ISAKMP:(0):deleting node -329911183 error FALSE reason "IKE deleted" *Mar 1 20:46:56.286: ISAKMP:(0):deleting node -699378984 error FALSE reason "IKE deleted" *Mar 1 20:46:56.286: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 1 20:46:56.286: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_DEST_SA vg224# *Mar 1 20:46:58.130: ISAKMP:(0): SA request profile is (NULL) *Mar 1 20:46:58.130: ISAKMP: Created a peer struct for 10.100.64.12, peer port 500 *Mar 1 20:46:58.130: ISAKMP: New peer created peer = 0x63D0AE34 peer_handle = 0x8000009F *Mar 1 20:46:58.130: ISAKMP: Locking peer struct 0x63D0AE34, refcount 1 for isakmp_initiator *Mar 1 20:46:58.130: ISAKMP: local port 500, remote port 500 *Mar 1 20:46:58.130: ISAKMP: set new node 0 to QM_IDLE *Mar 1 20:46:58.130: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 63CFE830 *Mar 1 20:46:58.130: ISAKMP:(0):Can not start Aggressive mode, trying Main mode. *Mar 1 20:46:58.130: ISAKMP:(0):found peer pre-shared key matching 10.100.64.12 *Mar 1 20:46:58.130: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID *Mar 1 20:46:58.130: ISAKMP:(0): constructed NAT-T vendor-07 ID *Mar 1 20:46:58.130: ISAKMP:(0): constructed NAT-T vendor-03 ID *Mar 1 20:46:58.130: ISAKMP:(0): constructed NAT-T vendor-02 ID vg224# *Mar 1 20:46:58.130: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Mar 1 20:46:58.130: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1 *Mar 1 20:46:58.134: ISAKMP:(0): beginning Main Mode exchange *Mar 1 20:46:58.134: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:46:58.134: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:03.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:03.218: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Mar 1 20:47:03.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:03.218: ISAKMP:(0): sending packet to 10.100.64.11 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:03.218: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:08.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:08.134: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Mar 1 20:47:08.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:08.134: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:08.134: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:13.214: ISAKMP:(0):purging node -2098436914 *Mar 1 20:47:13.214: ISAKMP:(0):purging node -1921263527 *Mar 1 20:47:13.214: ISAKMP: set new node 0 to QM_IDLE *Mar 1 20:47:13.214: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.222.101.127, remote 10.100.64.11) *Mar 1 20:47:13.214: ISAKMP: Error while processing SA request: Failed to initialize SA *Mar 1 20:47:13.214: ISAKMP: Error while processing KMI message 0, error 2. *Mar 1 20:47:13.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:13.218: ISAKMP (0:0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 vg224# *Mar 1 20:47:13.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:13.218: ISAKMP:(0): sending packet to 10.100.64.11 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:13.218: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:18.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:18.134: ISAKMP (0:0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Mar 1 20:47:18.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:18.134: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:18.134: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:23.214: ISAKMP:(0):purging SA., sa=62B62D70, delme=62B62D70 *Mar 1 20:47:23.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:23.218: ISAKMP (0:0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Mar 1 20:47:23.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:23.218: ISAKMP:(0): sending packet to 10.100.64.11 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:23.218: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:28.130: ISAKMP: set new node 0 to QM_IDLE *Mar 1 20:47:28.130: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 10.222.101.127, remote 10.100.64.12) *Mar 1 20:47:28.130: ISAKMP: Error while processing SA request: Failed to initialize SA *Mar 1 20:47:28.130: ISAKMP: Error while processing KMI message 0, error 2. *Mar 1 20:47:28.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:28.134: ISAKMP (0:0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Mar 1 20:47:28.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE vg224# *Mar 1 20:47:28.134: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:28.134: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# *Mar 1 20:47:33.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:33.218: ISAKMP (0:0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Mar 1 20:47:33.218: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:33.218: ISAKMP:(0): sending packet to 10.100.64.11 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:33.218: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224# vg224# vg224# vg224# vg224# vg224#no debugg vg224#no debugg *Mar 1 20:47:38.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... *Mar 1 20:47:38.134: ISAKMP (0:0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Mar 1 20:47:38.134: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE *Mar 1 20:47:38.134: ISAKMP:(0): sending packet to 10.100.64.12 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 20:47:38.134: ISAKMP:(0):Sending an IKE IPv4 Packet. vg224#no debugg  all All possible debugging has been turned off vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224# vg224#