Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX ISAKMP

I have turned on debugging for crypto isakmp on my 515 and receive the following message every 20 seconds.

crypto_isakmp_process_block:src:207.47.138.190, dest:"my address" spt:4500 dpt:4500

ISAKMP (0): processing NOTIFY payload 40500 protocol 1

spi 0, message ID = 1302825637

return status is IKMP_NO_ERR_NO_TRANS

The output interpreter says the following...

INFO: This device has recorded the IKMP_NO_ERR_NO_TRANS log message.

This message indicates that ISAKMP had no errors and there is no need for re-transmission.

The purpose of this message is purely informational.

The problem is, I have no reference to 207.47.138.190 in my config. What does this message really mean? Is some someone trying to establish a VPN connection with my PIX?

Thanks

Bruno

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: PIX ISAKMP

Bruno

The 207.47.138.190 is the address that is attempting to initiate ISAKMP negotiation with you. Do you have a dynamic crypto map configured? This might explain why you do not have any reference to that specific address in the config.

HTH

Rick

4 REPLIES
Hall of Fame Super Silver

Re: PIX ISAKMP

Bruno

The 207.47.138.190 is the address that is attempting to initiate ISAKMP negotiation with you. Do you have a dynamic crypto map configured? This might explain why you do not have any reference to that specific address in the config.

HTH

Rick

New Member

Re: PIX ISAKMP

I do have a dynamic crypto map - I should have thought of that.

thanks Rick

New Member

Re: PIX ISAKMP

Hi Rick,

I do have another question. Why am I getting this message every 20 seconds if everything is fine (according to the output interpreter)? Does this point to a problem some where?

thanks

Bruno

Hall of Fame Super Silver

Re: PIX ISAKMP

Bruno

I am not sure why you would get this every 20 seconds. The idea that occurs to me is that you may have ISAKMP keepalive enabled and the every 20 second message might be the keepalive.

I am not clear whether this represents a problem or not but I am inclined to think it is not a problem. Can you identify what system is at that address and check with them to see if ISAKMP and IPSec are working ok?

HTH

Rick

130
Views
0
Helpful
4
Replies
CreatePlease login to create content