cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6384
Views
9
Helpful
4
Replies

Duplicate first packet detected! - Any idea what this is?

mwestern
Level 1
Level 1

Hi Everybody,

Anybody heard of this problem? we are doing LAN2LAN connections with 3000 concentrators and have sucessfully got a large number going. But we are plagued by this error. It happens only occasionally. I couldn't find any reference to it all on the Cisco site here.

Sometimes it connects after a period of time othertimes it doesn't connect at all.

9891 10/30/2002 14:03:37.460 SEV=4 IKE/0 RPT=8136 x.x.x.x

Duplicate first packet detected!

Thanks heaps and regards

Matthew

4 Replies 4

mwestern
Level 1
Level 1

Also i should mention the events that happen before hand:

9911 10/30/2002 14:08:15.420 SEV=4 IKE/0 RPT=8152 x.x.x.x

Duplicate first packet detected!

9920 10/30/2002 14:09:41.520 SEV=4 IKE/41 RPT=yyy.yyy.yyy.yyy.yyy

IKE Initiator: New Phase 1, Intf 2, IKE Peer xxx.xxx.xxx.xxx

local Proxy Address 202.64.25.195, remote Proxy Address xxx.xxx.xxx.xxx,

SA (L2L: xxxxxxxxxxx)

Lyle.Cates
Level 1
Level 1

I am having a simular problem. I have a single 3015 concentrator and several 3002 hardware clients set up nation wide. I get the error randomly and infrequently on some of the systems, but one in particular seems to get the error more often and for a much longer duration. The only difference in that system and the others, that I currently know about, is that the network it is on will not renew it's DHCP leased IP address. It generaly reports the error and then logs on after 25-40 attempts. Today I changed the IKE sa rule to SHA and it seems that it is taking longer to connect than usual. I hope this helps, and if you find another soulution please tell me. Thanx

It usually occurs when packets timeout or there are routing problems in the network. Essentially the IKE exchange between the peers fails when this happens. In an IKE exchange the following happens:

1) IKE initator sends IKE MSG1

2) IKE responder sends MSG2 and is expecting MSG3 from initiator

3) IKE initiator sends MSG3 and the negotiation continues......and so on

The problem you are experiencing seems to be that the IKE responder

sends MSG2; the IKE initator never received MSG2 and transmits MSG1 again.

The IKE responder receives MSG1 ans says " hey, I already got that duplicate packet" and sends MSG2...and the cycle repeats a few more times (3) until the exchange stops..and thus tunnel fails to establish.

Nelson

I am Having a Duplicate Phase 1 Packet detected which sounds like this thread, The question is How do you fix it, Are there timing Parameters that can be changed to fix this?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: