PIX ISAKMP

BRUNO WOLLMANN
Level 1

I have turned on debugging for crypto isakmp on my 515 and receive the following message every 20 seconds.

crypto_isakmp_process_block:src:207.47.138.190, dest:"my address" spt:4500 dpt:4500

ISAKMP (0): processing NOTIFY payload 40500 protocol 1

spi 0, message ID = 1302825637

return status is IKMP_NO_ERR_NO_TRANS

The output interpreter says the following...

INFO: This device has recorded the IKMP_NO_ERR_NO_TRANS log message.

This message indicates that ISAKMP had no errors and there is no need for re-transmission.

The purpose of this message is purely informational.

The problem is, I have no reference to 207.47.138.190 in my config. What does this message really mean? Is someone trying to establish a VPN connection with my PIX?

Thanks

Bruno

Accepted Solutions

Richard Burts
Hall of Fame

Bruno

The 207.47.138.190 is the address that is attempting to initiate ISAKMP negotiation with you. Do you have a dynamic crypto map configured? This might explain why you do not have any reference to that specific address in the config.

HTH

Rick

I do have a dynamic crypto map - I should have thought of that.

thanks Rick

Hi Rick,

I do have another question. Why am I getting this message every 20 seconds if everything is fine (according to the output interpreter)? Does this point to a problem somewhere?

thanks

Bruno

Bruno

I am not sure why you would get this every 20 seconds. The idea that occurs to me is that you may have ISAKMP keepalive enabled and the every 20 second message might be the keepalive.

I am not clear whether this represents a problem or not but I am inclined to think it is not a problem. Can you identify what system is at that address and check with them to see if ISAKMP and IPSec are working ok?

HTH

Rick
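
One way to triage a capture like the one in this thread, as an added example that is not part of the original posts or of Cisco's tooling: it parses the debug blocks and reports every source that is not among the statically configured peers, which is the situation Rick attributes to a dynamic crypto map. The sample capture, the documentation addresses (192.0.2.1, 198.51.100.7) and the `static_peers` set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed capture modelled on the debug lines quoted in the question.
SAMPLE = """\
crypto_isakmp_process_block:src:207.47.138.190, dest:192.0.2.1 spt:4500 dpt:4500
ISAKMP (0): processing NOTIFY payload 40500 protocol 1
spi 0, message ID = 1302825637
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:198.51.100.7, dest:192.0.2.1 spt:500 dpt:500
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:207.47.138.190, dest:192.0.2.1 spt:4500 dpt:4500
ISAKMP (0): processing NOTIFY payload 40500 protocol 1
spi 0, message ID = 1302825638
return status is IKMP_NO_ERR_NO_TRANS
"""

BLOCK = re.compile(r"crypto_isakmp_process_block:src:(\S+?), dest:(.+?) spt:(\d+) dpt:(\d+)")
NOTIFY = re.compile(r"processing NOTIFY payload (\d+) protocol (\d+)")
STATUS = re.compile(r"return status is (\S+)")

def parse_debug(text):
    """Group the multi-line debug output into one record per process_block line."""
    records, cur = [], None
    for line in text.splitlines():
        if m := BLOCK.search(line):
            cur = {"src": m[1], "dest": m[2], "spt": int(m[3]),
                   "dpt": int(m[4]), "notify": [], "status": None}
            records.append(cur)
        elif cur is None:
            continue  # output before the first block header belongs to no record
        elif m := NOTIFY.search(line):
            cur["notify"].append(int(m[1]))
        elif m := STATUS.search(line):
            cur["status"] = m[1]
    return records

def unknown_peers(records, static_peers):
    """Summarise sources that are absent from the static peer list."""
    out = defaultdict(lambda: {"blocks": 0, "notify": set(), "nat_t": False})
    for r in records:
        if r["src"] in static_peers:
            continue
        s = out[r["src"]]
        s["blocks"] += 1
        s["notify"].update(r["notify"])
        s["nat_t"] |= 4500 in (r["spt"], r["dpt"])  # UDP 4500 is IPsec NAT traversal
    return dict(out)

if __name__ == "__main__":
    print(unknown_peers(parse_debug(SAMPLE), static_peers={"198.51.100.7"}))
```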