Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
0
Helpful
1
Replies

Need a little insight on a couple of IPSec debug messages

techsupport
Level 1
Level 1

‎06-21-2009 10:11 PM - edited ‎03-11-2019 08:46 AM

What could cause this message, shouldn't this part show the subnets I'm connecting via the tunnel. I'm guessing that it is an

access-list issue

"local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0"

I'm also gettng "Invalid ID info (18)"

Thanks for your help

FW# Jun 21 23:51:25 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Jun 21 23:51:25 [IKEv1]: Group = 71.X.52.X, IP = 71.X.52.X, IKE Initiator: New Phase 2, Intf inside, IKE Peer 71.X.52.X local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0, Crypto map (vpn_map)

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, Oakley begin quick mode

Jun 21 23:51:25 [IKEv1 DECODE]: Group = 71.X.52.X, IP = 71.X.52.X, IKE Initiator starting QM: msg id = 62d37a39

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, IKE got SPI from key engine: SPI = 0x2c479723

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, oakley constucting quick mode

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing blank hash payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing IPSec SA payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing IPSec nonce payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing proxy ID

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, Transmitting Proxy Id:

Local subnet: 0.0.0.0 mask 0.0.0.0 Protocol 1 Port 0

Remote subnet: 0.0.0.0 Mask 0.0.0.0 Protocol 1 Port 0

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing qm hash payload

Jun 21 23:51:25 [IKEv1 DECODE]: Group = 71.X.52.X, IP = 71.X.52.X, IKE Initiator sending 1st QM pkt: msg id = 62d37a39

Jun 21 23:51:25 [IKEv1]: IP = 71.X.52.X, IKE_DECODE SENDING Message (msgid=62d37a39) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 168

...

Jun 21 23:51:25 [IKEv1]: IP = 71.X.52.X, IKE_DECODE RECEIVED Message (msgid=7237e225) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 224

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, processing hash payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, processing notify payload

Jun 21 23:51:25 [IKEv1]: Group = 71.X.52.X, IP = 71.X.52.X, Received non-routine Notify message: Invalid ID info (18)

Jun 21 23:51:26 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Labels:
0 Helpful
1 Reply 1

techsupport
Level 1
Level 1

‎06-22-2009 08:01 AM

Please disregard. After changing a few things it morphed into another set of issues

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card