Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISAKMP Failing

Hi Guys,

ISAKMP on one of my routers is faililng and im not too sure why. I have narrowed down what the issue may be

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0): sending packet to my_port 500 peer_port 500 (I) MM_NO_STATE

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):peer does not do paranoid keepalives.

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer

Jan 4 12:21:10: ISAKMP: Unlocking IKE struct 0x81B0D524 for isadb_mark_sa_deleted(), count 0

Jan 4 12:21:10: ISAKMP: Deleting peer node by peer_reap for 81B0D524

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):deleting node -884078831 error FALSE reason "IKE deleted"

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):deleting node 1613284320 error FALSE reason "IKE deleted"

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

Jan 4 12:21:10: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_DEST_SA

It seems as if we are sending a request to our peer but we do not receive one back.

I have checked the remote peer and it is configured correctly so im sure that is not the issue.

Doer anyone have any ideas?


Cisco Employee

Re: ISAKMP Failing

If this is all the debugs that you are seeing, then you are correct, looks like is not responding to phase 1 of the IPSEC Tunnel.

What about the debugs on .163. If you are not seeing anything on the debugs, probably there is a firewall that is blocking UDP Port 500 towards .163. If you are seeing .163 respond, then could be a firewall that is blocking UDP Port 500 towards the router you initiated the connection.

Make sure the configuration is correct and there is no firewall or ACLs that are blocking UDP Port 500 and Protocol 50 (ESP).

I hope it helps.