Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need a little insight on a couple of IPSec debug messages

What could cause this message, shouldn't this part show the subnets I'm connecting via the tunnel. I'm guessing that it is an

access-list issue

"local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0"

I'm also gettng "Invalid ID info (18)"

Thanks for your help

FW# Jun 21 23:51:25 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Jun 21 23:51:25 [IKEv1]: Group = 71.X.52.X, IP = 71.X.52.X, IKE Initiator: New Phase 2, Intf inside, IKE Peer 71.X.52.X local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0, Crypto map (vpn_map)

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, Oakley begin quick mode

Jun 21 23:51:25 [IKEv1 DECODE]: Group = 71.X.52.X, IP = 71.X.52.X, IKE Initiator starting QM: msg id = 62d37a39

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, IKE got SPI from key engine: SPI = 0x2c479723

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, oakley constucting quick mode

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing blank hash payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing IPSec SA payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing IPSec nonce payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing proxy ID

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, Transmitting Proxy Id:

Local subnet: 0.0.0.0 mask 0.0.0.0 Protocol 1 Port 0

Remote subnet: 0.0.0.0 Mask 0.0.0.0 Protocol 1 Port 0

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, constructing qm hash payload

Jun 21 23:51:25 [IKEv1 DECODE]: Group = 71.X.52.X, IP = 71.X.52.X, IKE Initiator sending 1st QM pkt: msg id = 62d37a39

Jun 21 23:51:25 [IKEv1]: IP = 71.X.52.X, IKE_DECODE SENDING Message (msgid=62d37a39) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 168

...

Jun 21 23:51:25 [IKEv1]: IP = 71.X.52.X, IKE_DECODE RECEIVED Message (msgid=7237e225) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 224

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, processing hash payload

Jun 21 23:51:25 [IKEv1 DEBUG]: Group = 71.X.52.X, IP = 71.X.52.X, processing notify payload

Jun 21 23:51:25 [IKEv1]: Group = 71.X.52.X, IP = 71.X.52.X, Received non-routine Notify message: Invalid ID info (18)

Jun 21 23:51:26 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

1 REPLY
New Member

Re: Need a little insight on a couple of IPSec debug messages

Please disregard. After changing a few things it morphed into another set of issues

271
Views
0
Helpful
1
Replies
CreatePlease login to create content