Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 


hi all

i want to know y i m getting this message though i m not running IPSEC in my router.i m getting this error since my router is trying to form a peer with the remote or the remote router is trying to form peer with my router ???

ROUTER#sh log | include IKMP

Jul 29 08:52:23.434 IST: %CRYPTO-4-IKMP_NO_SA: IKE message from has no SA and is not an initialization offer

Jul 29 09:42:25.726 IST: %CRYPTO-4-IKMP_NO_SA: IKE message from has no SA and is not an initialization offer

Jul 30 01:38:23.938 IST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed wi th peer at

Jul 30 01:39:16.170 IST: %CRYPTO-4-IKMP_NO_SA: IKE message from has no SA and is not an initialization offer

thx in advance


Cisco Employee


It would seem that someone "thinks" you're running IPSec on this router, cause there's 3 devices sending you IPSec packets.

Are you "sure" you're not running IPsec on this router? Is this router in a redundant pair (HSRP/VRRP/etc) with another router that is running IPSec?

Certainly those 3 devices are sending you IKE packets for some reason. I would suggest you track down those devices and who owns them and see what's going on.

New Member


Hi Prem,

The "%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer" clearly a case when there is a mismatched Transform set on either side. You should have been accidently running IPSec on your side, otherwise your router wouldn't start processing the Main Mode ! The start of the Main mode processing means that it has identified the interesting traffic and is trying to negotiate a isakmp policy with the peer. However, this exercise goes futile since there is no SA and crypto traffic was received. (See %CRYPTO-4-IKMP_NO_SA error).

This is clearly a case when the remote router(s) are trying to peer with your router but you don't have IPSec SAs up on your side.


Hi Glenn&Naveen

i m pretty sure that we arent running IPSEC in any of our routers here.

My only concern is recently we hve seen a peer message with Microsoft corp IP,thatsy i m wondering whether the remote ip from Microsoft Corp is trying or anyone else from outside trying out from our router to see the vulnerability ther in Microsoft.

in the second case Microsoft will block our ip if someone is trying to do that...

pls guide me to check this problem and avoid getting the same negotiation from remote peers..



CreatePlease to create content