Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN tunnel working but no ISAKMP peer other no phase 2 negotiation

I have a setup with 2 871s (spokes) and one 2851 (hub).

Tunnel between 871s works but shows no crypto isakmp peer. Show crypto sessions details shows UP_NO_IKE.

I think this is rather strange.

One of the 871s has established tunnel to 2851. Otherone (showing the UP_NO_IKE) tries to establish the tunnel to the 2851 but it does not work.

I engineered the tunnel between the 871s not to use the dynamic multipoint instead I defined a seperate tunnel.

This to prevent overall network outage if the hub is not reachable.

The Hub says the failing 871's atts for phase 2 are not acceptable. This is really weird: it did work in test and production. Stopped working without any change.

The 2851 serves many more connections all working fine.

Both problems on the same router give me the impression, something is wrong on the router. Reloading can be risky. Router is located on long distance.

Any ideas?

Bas Kokken

1 REPLY
Silver

Re: DMVPN tunnel working but no ISAKMP peer other no phase 2 neg

IKE automatically negotiates IPSec security associations and enables IPSec secure communications without manual preconfiguration.Try manually configuring manually Ipsec security associations.Refer the following URL

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_user_guide_chapter09186a0080106f69.html#50090

112
Views
0
Helpful
1
Replies
CreatePlease login to create content