Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
2
Replies

PIX-to-PIX VPN

edwong
Level 1
Level 1

‎02-02-2002 08:55 AM - edited ‎02-21-2020 11:35 AM

Dear all,

I tried to make a VPn tunnel with our remote office using pix to pix, seems that phase 1 has passed but some problem with phase 2. Belows are the debug output, does anybody have any idea?

PIX(config)#

VPN Peer: ISAKMP: Added new peer: ip:remote_public_ip Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt incremented to:1 Total VPN Peers:

1

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block: src remote_public_ip, dest xxx.xxx.xxx.xxx

return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer fired: cou

nt = 1,

(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst remote_public_ip

ISADB: reaper checking SA 0x80d75f50, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt decremented to:0 Total VPN Peers:

1

VPN Peer: ISAKMP: Deleted peer: ip:remote_public_ip Total VPN peers:0IPSEC(key_engin

e): request timer fired: count = 2,

(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

VPN Peer: ISAKMP: Added new peer: ip:remote_public_ip Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt incremented to:1 Total VPN Peers:

1

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block: src remote_public_ip, dest xxx.xxx.xxx.xxx

return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer fired: cou

nt = 1,

(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst remote_public_ip

ISADB: reaper checking SA 0x80d75f50, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt decremented to:0 Total VPN Peers:

1

VPN Peer: ISAKMP: Deleted peer: ip:remote_public_ip Total VPN peers:0IPSEC(key_engin

e): request timer fired: count = 2,

(identity) local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

Thanks.

Edwong

Labels:
0 Helpful
2 Replies 2

edwong
Level 1
Level 1

‎02-02-2002 09:39 AM

Further more, i see there are a lot of send error in the debug...

local ident (addr/mask/prot/port): (192.168.47.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.168.17.0/255.255.255.0/0/0)

current_peer: xxx.xxx.xxx

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 478, #recv errors 0

local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: xxx.xxx.xxx.xxx

path mtu 1500, ipsec overhead 0, media mtu 1500

current outbound spi: 0

Thanks.

0 Helpful

cbc673
Level 1
Level 1
In response to edwong

‎02-08-2002 06:06 PM

This is usually do to ACL's not being configured correctly. Please post your ACL's and your cry maps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents