Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Duplicate first packet detected! - Any idea what this is?

Hi Everybody,

Anybody heard of this problem? we are doing LAN2LAN connections with 3000 concentrators and have sucessfully got a large number going. But we are plagued by this error. It happens only occasionally. I couldn't find any reference to it all on the Cisco site here.

Sometimes it connects after a period of time othertimes it doesn't connect at all.

9891 10/30/2002 14:03:37.460 SEV=4 IKE/0 RPT=8136 x.x.x.x

Duplicate first packet detected!

Thanks heaps and regards

Matthew

4 REPLIES
New Member

Re: Duplicate first packet detected! - Any idea what this is?

Also i should mention the events that happen before hand:

9911 10/30/2002 14:08:15.420 SEV=4 IKE/0 RPT=8152 x.x.x.x

Duplicate first packet detected!

9920 10/30/2002 14:09:41.520 SEV=4 IKE/41 RPT=yyy.yyy.yyy.yyy.yyy

IKE Initiator: New Phase 1, Intf 2, IKE Peer xxx.xxx.xxx.xxx

local Proxy Address 202.64.25.195, remote Proxy Address xxx.xxx.xxx.xxx,

SA (L2L: xxxxxxxxxxx)

New Member

Re: Duplicate first packet detected! - Any idea what this is?

I am having a simular problem. I have a single 3015 concentrator and several 3002 hardware clients set up nation wide. I get the error randomly and infrequently on some of the systems, but one in particular seems to get the error more often and for a much longer duration. The only difference in that system and the others, that I currently know about, is that the network it is on will not renew it's DHCP leased IP address. It generaly reports the error and then logs on after 25-40 attempts. Today I changed the IKE sa rule to SHA and it seems that it is taking longer to connect than usual. I hope this helps, and if you find another soulution please tell me. Thanx

Cisco Employee

Re: Duplicate first packet detected! - Any idea what this is?

It usually occurs when packets timeout or there are routing problems in the network. Essentially the IKE exchange between the peers fails when this happens. In an IKE exchange the following happens:

1) IKE initator sends IKE MSG1

2) IKE responder sends MSG2 and is expecting MSG3 from initiator

3) IKE initiator sends MSG3 and the negotiation continues......and so on

The problem you are experiencing seems to be that the IKE responder

sends MSG2; the IKE initator never received MSG2 and transmits MSG1 again.

The IKE responder receives MSG1 ans says " hey, I already got that duplicate packet" and sends MSG2...and the cycle repeats a few more times (3) until the exchange stops..and thus tunnel fails to establish.

Nelson

New Member

Re: Duplicate first packet detected! - Any idea what this is?

I am Having a Duplicate Phase 1 Packet detected which sounds like this thread, The question is How do you fix it, Are there timing Parameters that can be changed to fix this?

3508
Views
4
Helpful
4
Replies
CreatePlease login to create content