SitetoSite: IKEv2/IPSEC:IPSEC SA failed goes into DB

mperumal2 · ‎10-27-2014

I am testing Crypto Suite B between cisco ASR1001 and ASR1002.

It always fails at phase 2 during IPSEC SA creation with the following msg. Any help?

*Oct 27 19:14:28.860: IKEv2:(SESSION ID = 78,SA ID = 1):Session with IKE ID PAIR (30.255.1.1, 30.255.1.2) is UP
*Oct 27 19:14:28.860: IKEv2:IKEv2 MIB tunnel started, tunnel index 1
*Oct 27 19:14:28.860: IKEv2:no(SESSION ID = 78,SA ID = 1):Load IPSEC key material
*Oct 27 19:14:28.860: IKEv2:(SA ID = 1):[IKEv2 -> IPsec] Create IPsec SA into IPsec database
*Oct 27 19:14:28.861: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database FAILED
*Oct 27 19:14:28.863: IKEv2:(SESSION ID = 78,SA ID = 1):: Creation/Installation of IPsec SA into IPsec DB failed

*Oct 27 19:30:36.039: crypto_engine: Generate IKEv2 auth
*Oct 27 19:30:36.041: crypto_engine_select_crypto_engine: can't handle any more
*Oct 27 19:30:36.041: crypto_engine_select_crypto_engine: can't handle any more
*Oct 27 19:30:36.041: crypto_engine_ipsec_key_create_by_qmv2: no IPSec engine
*Oct 27 19:30:36.041: crypto engine: deleting IPSec SA ???
*Oct 27 19:30:36.041: delete_ipsec_sa: no such crypto engine
*Oct 27 19:30:36.041: crypto engine: deleting IPSec SA ???
*Oct 27 19:30:36.041: delete_ipsec_sa: no such crypto engine
*Oct 27 19:30:36.045: crypto_engine: Encrypt IKEv2 packet
*Oct 27 19:30:36.045: crypto_engine: Generate IKEv2 hash
*Oct 27 19:30:36.045: crypto_engine: Encrypt IKEv2 packet

daniel.herrmann · ‎06-22-2017

I know this issue is quite old, I happen to have the same problem at the moment. Did you ever find a solution?