Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

A configuration stable for months suddenly gives "unable to compute hash!"


We have a problem where a certificate based VPN that has been stable for months suddenly stopped coming up and gives the following debug:

088074: Oct  9 10:56:00.228: ISAKMP:(0): unable to compute hash!

088075: Oct  9 10:56:00.228: ISAKMP:(0): unable to compute hash for signature!

088076: Oct  9 10:56:00.228: ISAKMP:(0):peer does not do paranoid keepalives.

088077: Oct  9 10:56:00.228: ISAKMP:(0):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) AG_NO_STATE (peer )

088078: Oct  9 10:56:00.228: ISAKMP (0:0): FSM action returned error: 2

088079: Oct  9 10:56:00.228: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH

088080: Oct  9 10:56:00.228: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_AM2

Certificates are valid on both sides, times and dates are valid, we obviously have connectivity but can not bring the tunnel up.

Any thoughts would be appreciated.