Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

3005 to IOS

I am trying to get a 3005 to establish a tunnel to an IOS box.

Here are some logs from the 3005 debug...

528 04/06/2003 08:16:20.380 SEV=9 AUTHDBG/70 RPT=2

Auth Server e44af4 has been unbound from ACB 1e0001c, sessions = 0

529 04/06/2003 08:16:20.380 SEV=8 AUTHDBG/10 RPT=2

AUTH_Int_FreeAuthCB(1e0001c)

530 04/06/2003 08:16:20.380 SEV=7 AUTH/13 RPT=2

Authentication session closed: handle = 1

531 04/06/2003 08:16:20.670 SEV=8 IKEDECODE/0 RPT=25 198.93.156.3

ISAKMP HEADER : ( Version 1.0 )

Initiator Cookie(8): BB 10 96 7D C9 4E 9F E7

Responder Cookie(8): DF C5 C1 AD C4 5E 78 8A

Next Payload : HASH (8)

Exchange Type : Oakley Quick Mode

Flags : 1 (ENCRYPT )

Message ID : 8d99e9f3

Length : 188

538 04/06/2003 08:16:20.670 SEV=8 IKEDBG/0 RPT=82 198.93.156.3

RECEIVED Message (msgid=8d99e9f3) with payloads :

HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0)

total length : 180

Has anybody ever gotten this to work?

2 REPLIES
New Member

Re: 3005 to IOS

Debug logs from the IOS side

003062: 13:23:05: ISAKMP (0:6): purging SA., sa=62FA68FC, delme=62FA68FC

003063: 13:23:05: CryptoEngine0: delete connection 6

003064: 13:23:05: CryptoEngine0: CRYPTO_ISA_SA_DELETE(hw)(ipsec)

003065: 13:23:05: CryptoEngine0: delete connection 6

003066: 13:23:07: ISAKMP (0:7): received packet from 198.93.159.3 (I) QM_IDLE

003067: 13:23:07: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT(hw)(ipsec)

003068: 13:23:07: CryptoEngine0: generate hmac context for conn id 7

003069: 13:23:07: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)

003070: 13:23:07: ISAKMP (0:7): processing HASH payload. message ID = 1146638709

003071: 13:23:07: ISAKMP (0:7): processing DELETE payload. message ID = 11466387

09

003072: 13:23:07: ISAKMP (0:7): peer does not do paranoid keepalives.

003073: 13:23:07: ISAKMP (0:7): deleting node 1146638709 error FALSE reason "inf

ormational (in) state 1"

003074: 13:23:07: ISAKMP (0:7): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE

Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003075: 13:23:07: ISAKMP (0:8): purging node 100996465

003076: 13:23:16: IPSEC(decapsulate): error in decapsulation crypto_ipsec_input

003077: 13:23:18: ISAKMP (0:9): purging node 354523817

003078: 13:23:18: ISAKMP (0:8): purging node -557896245

Bronze

Re: 3005 to IOS

Hi,

please post complete debugs from the router, and vpn3k, u can follow a sample config here:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml

Thx

Afaq

155
Views
0
Helpful
2
Replies