New Member

Cisco to 3015 Problem.

I have a 3015 configured for seventeen separate L2L tunnels. One of the tunnels connects, then after 5m or so drops, then reconnects, then drops, etc. I am fairly certain the 3015 on my end is configured correctly; I don't have access to the Cisco router on the other side. I was able to get their admin to run debug for me though, and I'll post it below. PLEASE help!

887: idbtype 0, encaps_size 84, header size 36, avail 84

886: 21:33:39: IPSEC(encapsulate): encaps area too small, moving to new buffer:

885: 21:33:39: IPSEC(encapsulate): error in encapsulation crypto_ip_encrypt

884: idbtype 0, encaps_size 84, header size 36, avail 84

883: 21:33:39: IPSEC(encapsulate): encaps area too small, moving to new buffer:

855: idbtype 0, encaps_size 84, header size 36, avail 84

854: 21:30:39: IPSEC(encapsulate): encaps area too small, moving to new buffer:

853: idbtype 0, encaps_size 84, header size 36, avail 84

852: 21:30:39: IPSEC(encapsulate): encaps area too small, moving to new buffer:

851: idbtype 0, encaps_size 84, header size 36, avail 84

850: 21:30:39: IPSEC(encapsulate): encaps area too small, moving to new buffer:

711: remote_proxy= 10.23.0.0/255.255.0.0/0/0 (type=4)

710: local_proxy= 10.2.136.0/255.255.248.0/0/0 (type=4),

709: (identity) local= 205.56.69.20, remote= 144.15.83.49,

708: sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2001,

707: sa_spi= 0x6888C602(1753794050),

706: (sa) sa_dest= 144.15.83.49, sa_prot= 50,

705: 21:27:49: IPSEC(add_sa): peer asks for new SAs -- expire current in 120 sec.,

704: sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2005

703: sa_spi= 0x651BB953(1696315731),

702: (sa) sa_dest= 144.15.83.49, sa_prot= 50,

701: 21:27:49: IPSEC(create_sa): sa created,

700: sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2004

699: sa_spi= 0x2CA6AD26(749120806),

698: (sa) sa_dest= 205.56.69.20, sa_prot= 50,

697: 21:27:49: IPSEC(create_sa): sa created,

696: spi= 0x651BB953(1696315731), conn_id= 2005, keysize= 0, flags= 0x4

695: lifedur= 28800s and 0kb,

694: protocol= ESP, transform= esp-3des esp-md5-hmac ,

693: dest_proxy= 10.23.0.0/255.255.0.0/0/0 (type=4),

692: src_proxy= 10.2.136.0/255.255.248.0/0/0 (type=4),

691: src= 205.56.69.20, dest= 144.15.83.49,

690: (key eng. msg.)

689: 21:27:49: IPSEC(initialize_sas): ,

688: spi= 0x2CA6AD26(749120806), conn_id= 2004, keysize= 0, flags= 0x4

687: lifedur= 28800s and 0kb,

686: protocol= ESP, transform= esp-3des esp-md5-hmac ,

685: src_proxy= 10.23.0.0/255.255.0.0/0/0 (type=4),

684: dest_proxy= 10.2.136.0/255.255.248.0/0/0 (type=4),

683: (key eng. msg.) dest= 205.56.69.20, src= 144.15.83.49,

682: 21:27:49: IPSEC(initialize_sas): ,

681: 21:27:49: IPSEC(key_engine): got a queue event...

680: 21:27:49: ISAKMP (0:40): deleting node 460806576 error FALSE reason "quick mode done (await()"

679: 21:27:49: lifetime of 28800 seconds

678: 21:27:49: has spi 1696315731 and conn_id 2005 and flags 4

677: 21:27:49: outbound SA from 205.56.69.20 to 144.15.83.49 (proxy 10.2.136.0 to 10.23.0.0 )

676: 21:27:49: lifetime of 28800 seconds

675: 21:27:49: has spi 0x2CA6AD26 and conn_id 2004 and flags 4

674: (proxy 10.23.0.0 to 10.2.136.0)

673: 21:27:49: inbound SA from 144.15.83.49 to 205.56.69.20

672: 21:27:49: ISAKMP (0:40): Creating IPSec SAs

671: 21:27:49: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

670: 21:27:48: ISAKMP (0:40): sending packet to 144.15.83.49 (R) QM_IDLE

669: 21:27:48: ISAKMP: received ke message (2/1)

"668: from 144.15.83.49 to 205.56.69.20 for prot 3"

667: 21:27:48: IPSEC(spi_response): getting spi 749120806 for SA

666: 21:27:48: IPSEC(key_engine): got a queue event...

665: 21:27:48: ISAKMP (0:40): asking for 1 spis from ipsec

664: 21:27:48: ISAKMP (40): ID_IPV4_ADDR_SUBNET dst 10.2.136.0/255.255.248.0 prot 0 port 0

663: 21:27:48: ISAKMP (0:40): processing ID payload. message ID = 460806576

662: 21:27:48: ISAKMP (40): ID_IPV4_ADDR_SUBNET src 10.23.0.0/255.255.0.0 prot 0 port 0

661: 21:27:48: ISAKMP (0:40): processing ID payload. message ID = 460806576

660: 21:27:48: ISAKMP (0:40): processing NONCE payload. message ID = 460806576

659: spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

658: lifedur= 0s and 0kb,

657: protocol= ESP, transform= esp-3des esp-md5-hmac ,

656: src_proxy= 10.23.0.0/255.255.0.0/0/0 (type=4),

655: dest_proxy= 10.2.136.0/255.255.248.0/0/0 (type=4),

654: (key eng. msg.) dest= 205.56.69.20, src= 144.15.83.49,

653: 21:27:48: IPSEC(validate_proposal_request): proposal part #1,

652: 21:27:48: ISAKMP (0:40): atts are acceptable.

651: 21:27:48: ISAKMP: authenticator is HMAC-MD5

650: 21:27:48: ISAKMP: encaps is 1

649: 21:27:48: ISAKMP: SA life duration (basic) of 28800

648: 21:27:48: ISAKMP: SA life type in seconds

647: 21:27:48: ISAKMP: attributes in transform:

646: 21:27:48: ISAKMP: transform 1, ESP_3DES

645: 21:27:48: ISAKMP (0:40): Checking IPSec proposal 1

644: 21:27:48: ISAKMP (0:40): processing SA payload. message ID = 460806576

643: 21:27:48: ISAKMP (0:40): processing HASH payload. message ID = 460806576

642: 21:27:48: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

641: 21:27:48: ISAKMP:received payload type 0

640: 21:27:48: ISAKMP (0:40): deleting node -395556257 error FALSE reason "informational (in) state 2"

639: 21:27:48: ISAKMP (0:40): incrementing error counter on sa: some bad notify

"638: spi 1753794050, message ID = -395556257, sa = 822444C0"

637: 21:27:48: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1

636: 21:27:48: ISAKMP (0:40): processing HASH payload. message ID = -395556257

635: 21:27:48: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

634: 21:27:48: ISAKMP:received payload type 0

633: 21:27:48: ISAKMP (0:40): deleting node 766864525 error FALSE reason "informational (in) state 2"

632: 21:27:48: ISAKMP (0:40): incrementing error counter on sa: some bad notify

"631: spi 1753794050, message ID = 766864525, sa = 822444C0"

630: 21:27:48: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1

629: 21:27:48: ISAKMP (0:40): processing HASH payload. message ID = 766864525

628: 21:27:48: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

627: 21:27:46: ISAKMP:received payload type 0

626: 21:27:46: ISAKMP (0:40): deleting node -2087709340 error FALSE reason "informational (in) state 2"

625: 21:27:46: ISAKMP (0:40): incrementing error counter on sa: some bad notify

"624: spi 1753794050, message ID = -2087709340, sa = 822444C0"

623: 21:27:46: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1

622: 21:27:46: ISAKMP (0:40): processing HASH payload. message ID = -2087709340

621: 21:27:46: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

620: 21:27:45: ISAKMP:received payload type 0

619: 21:27:45: ISAKMP (0:40): deleting node -1979225688 error FALSE reason "informational (in) state 2"

618: 21:27:45: ISAKMP (0:40): incrementing error counter on sa: some bad notify

"617: spi 1753794050, message ID = -1979225688, sa = 822444C0"

616: 21:27:45: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1

615: 21:27:45: ISAKMP (0:40): processing HASH payload. message ID = -1979225688

614: 21:27:45: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

613: 21:27:43: ISAKMP:received payload type 0

612: 21:27:43: ISAKMP (0:40): deleting node -957429003 error FALSE reason "informational (in) state 2"

611: 21:27:43: ISAKMP (0:40): incrementing error counter on sa: some bad notify

"610: spi 1753794050, message ID = -957429003, sa = 822444C0"

609: 21:27:43: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1

608: 21:27:43: ISAKMP (0:40): processing HASH payload. message ID = -957429003

607: 21:27:43: ISAKMP (0:40): received packet from 144.15.83.49 (R) QM_IDLE

606: 21:27:42: ISAKMP:received payload type 0

605: 21:27:42: ISAKMP (0:40): deleting node 1815547596 error FALSE reason "informational (in) state 2"

604: 21:27:42: ISAKMP (0:40): incrementing error counter on sa: some bad notify

"603: spi 1753794050, message ID = 1815547596, sa = 822444C0"
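
An added example, not part of the original post: a small Python parser that restores the pasted debug output to chronological order and ties each `NOTIFY INVALID_SPI` to the IPSEC event under which the same SPI is logged. The function names `chronological` and `correlate` are hypothetical; the sample lines are copied from the output above.

```python
import re
from collections import Counter

# Excerpt copied from the post above, newest line first as pasted.
# The leading "NNN:" is the paste's own sequence number, not IOS output.
SAMPLE = '''\
707: sa_spi= 0x6888C602(1753794050),
706: (sa) sa_dest= 144.15.83.49, sa_prot= 50,
705: 21:27:49: IPSEC(add_sa): peer asks for new SAs -- expire current in 120 sec.,
703: sa_spi= 0x651BB953(1696315731),
701: 21:27:49: IPSEC(create_sa): sa created,
"638: spi 1753794050, message ID = -395556257, sa = 822444C0"
637: 21:27:48: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1
"631: spi 1753794050, message ID = 766864525, sa = 822444C0"
630: 21:27:48: ISAKMP (0:40): processing NOTIFY INVALID_SPI protocol 1
'''

SEQ = re.compile(r'^"?(\d+):\s*(.*?)"?$')           # sequence number, payload
EVENT = re.compile(r'IPSEC\((\w+)\)')               # e.g. IPSEC(add_sa)
SA_SPI = re.compile(r'sa_spi= 0x[0-9A-Fa-f]+\((\d+)\)')
NOTIFY_SPI = re.compile(r'^spi (\d+), message ID')  # line following a NOTIFY

def chronological(text):
    """Strip sequence numbers and stray quotes; return lines oldest first."""
    rows = []
    for raw in text.splitlines():
        m = SEQ.match(raw.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2)))
    return [line for _, line in sorted(rows)]

def correlate(text):
    """Map each SPI named in an INVALID_SPI notify to (count, IPSEC event)."""
    notifies, sa_event = Counter(), {}
    pending, event = False, None
    for line in chronological(text):
        ev = EVENT.search(line)
        event = ev.group(1) if ev else event
        if 'NOTIFY INVALID_SPI' in line:
            pending = True          # the SPI is on the next chronological line
            continue
        m = NOTIFY_SPI.match(line)
        if m and pending:
            notifies[int(m.group(1))] += 1
        pending = False
        m = SA_SPI.search(line)
        if m and event:             # sa_spi lines continue the last IPSEC event
            sa_event[int(m.group(1))] = event
    return {spi: (n, sa_event.get(spi)) for spi, n in notifies.items()}

if __name__ == '__main__':
    print(correlate(SAMPLE))
```

On this excerpt every INVALID_SPI notify names SPI 1753794050, the SA logged under `add_sa` with "peer asks for new SAs -- expire current in 120 sec."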

2 REPLIES
New Member

Re: Cisco to 3015 Problem.

This mostly could be a timer problem, not sure though

New Member

Re: Cisco to 3015 Problem.

Not sure what you mean by timing. If you mean system time I have sync'd with an external NTP time server.

If you mean clocking I don't see any settings for specifying a clock source like you do in the router IOS for a WIC.
