02-02-2002 08:55 AM - edited 02-21-2020 11:35 AM
Dear all,
I tried to make a VPn tunnel with our remote office using pix to pix, seems that phase 1 has passed but some problem with phase 2. Belows are the debug output, does anybody have any idea?
PIX(config)#
VPN Peer: ISAKMP: Added new peer: ip:remote_public_ip Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt incremented to:1 Total VPN Peers:
1
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block: src remote_public_ip, dest xxx.xxx.xxx.xxx
return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer fired: cou
nt = 1,
(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,
local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),
remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)
ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst remote_public_ip
ISADB: reaper checking SA 0x80d75f50, conn_id = 0 DELETE IT!
VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt decremented to:0 Total VPN Peers:
1
VPN Peer: ISAKMP: Deleted peer: ip:remote_public_ip Total VPN peers:0IPSEC(key_engin
e): request timer fired: count = 2,
(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,
local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),
remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)
VPN Peer: ISAKMP: Added new peer: ip:remote_public_ip Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt incremented to:1 Total VPN Peers:
1
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block: src remote_public_ip, dest xxx.xxx.xxx.xxx
return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer fired: cou
nt = 1,
(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,
local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),
remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)
ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst remote_public_ip
ISADB: reaper checking SA 0x80d75f50, conn_id = 0 DELETE IT!
VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt decremented to:0 Total VPN Peers:
1
VPN Peer: ISAKMP: Deleted peer: ip:remote_public_ip Total VPN peers:0IPSEC(key_engin
e): request timer fired: count = 2,
(identity) local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),
remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)
Thanks.
Edwong
02-02-2002 09:39 AM
Further more, i see there are a lot of send error in the debug...
local ident (addr/mask/prot/port): (192.168.47.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.17.0/255.255.255.0/0/0)
current_peer: xxx.xxx.xxx
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 478, #recv errors 0
local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: xxx.xxx.xxx.xxx
path mtu 1500, ipsec overhead 0, media mtu 1500
current outbound spi: 0
Thanks.
02-08-2002 06:06 PM
This is usually do to ACL's not being configured correctly. Please post your ACL's and your cry maps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: