Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

interpretation of pix vpn debug output

i am pasting the below debug on my pix...i couldnt establish vpn connecting pix to pix

-------------------------------

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:82.xxx, dest:193.yyy spt:4500 dpt:

4500

ISAKMP (0): processing NOTIFY payload 24576 protocol 1

spi 0, message ID = 945881250

ISAKMP (0): processing responder lifetime

ISAKMP (0): phase 1 responder lifetime of 1000s

return status is IKMP_NO_ERR_NO_TRANS

ISAKMP (0): sending INITIAL_CONTACT notify

ISAKMP (0): sending NOTIFY message 24578 protocol 1

VPN Peer: ISAKMP: Added new peer: ip:82.xxx/4500 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:82.xxx/4500 Ref cnt incremented to:1 Total VPN P

eers:1

crypto_isakmp_process_block:src:82.xxx, dest:193.yyy spt:4500 dpt:

4500

ISAKMP: sa not found for ike msg

crypto_isakmp_process_block:src:82.xxx, dest:193.yyy spt:4500 dpt:

4500

ISAKMP (0): processing NOTIFY payload 14 protocol 3

spi 1424868684, message ID = 1040206926

ISAKMP (0): deleting spi 1288039764 message ID = 996742519

return status is IKMP_NO_ERR_NO_TRANS

thanks for the help

2 REPLIES
New Member

Re: interpretation of pix vpn debug output

Would you send me all crypto and isakmp commands on both PIXs?

New Member

Re: interpretation of pix vpn debug output

I have The same Problem , I Have a VPN PIX-506e/6.3(5) and PIX-501/6.3(5) Lan-to-Lan Tunnel Up But Cannot Pass Traffic. I recieve continuously the message ISADB: reaper checking SA 0xa2f324, conn_id = 0, It's on both PIX. and return status is IKMP_NO_ERR_NO_TRANS

the output command sh crypto ipsec sa , when send a

PIX 501

interface: outside

Crypto map tag: vpnmanta, local addr. 192.168.45.4

local ident (addr/mask/prot/port): (10.4.16.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (10.4.0.0/255.255.255.0/0/0)

current_peer: 192.168.45.2:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 192.168.45.4, remote crypto endpt.: 192.168.45.2

path mtu 1500, ipsec overhead 56, media mtu 1500

current outbound spi: 74dd1ea

inbound esp sas:

spi: 0xa0138c28(2685635624)

transform: esp-3des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 4, crypto map: vpnmanta

IV size: 8 bytes

replay detection support: Y

outbound esp sas:

spi: 0x74dd1ea(122540522)

transform: esp-3des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 3, crypto map: vpnmanta

sa timing: remaining key lifetime (k/sec): (4608000/28223)

IV size: 8 bytes

replay detection support: Y

outbound ah sas:

outbound pcp sas:

PIX 506E:

interface: outside

Crypto map tag: vpnmatriz, local addr. 192.168.45.2

local ident (addr/mask/prot/port): (10.4.0.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (10.4.16.0/255.255.255.0/0/0)

current_peer: 192.168.45.4:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 1, #recv errors 0

local crypto endpt.: 192.168.45.2, remote crypto endpt.: 192.168.45.4

path mtu 1500, ipsec overhead 56, media mtu 1500

current outbound spi: a0138c28

inbound esp sas:

spi: 0x74dd1ea(122540522)

transform: esp-3des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 5, crypto map: vpnmatriz

sa timing: remaining key lifetime (k/sec): (4608000/28003)

IV size: 8 bytes

replay detection support: Y

outbound esp sas:

spi: 0xa0138c28(2685635624)

transform: esp-3des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 6, crypto map: vpnmatriz

sa timing: remaining key lifetime (k/sec): (4607999/28003)

IV size: 8 bytes

replay detection support: Y

166
Views
0
Helpful
2
Replies
CreatePlease to create content