New Member

VPN Concentrator 3020 - Problem with LAN-to-LAN tunnel

Hello,

I'm trying to build a LAN-to-LAN tunnel using my Cisco VPN Concentrator 3020 and another piece of hardware (used the free Linux distribution IPCop and an Instagate). I can get the tunnel to be built, but then the tunnel is disconnected and I can't get a clue what is going wrong. I hope somebody here can help me a little bit.

I will take the IPCop (which should work before 1 Feb this year) as an example.

I am using the following settings:

VPN Concentrator

Authentication ESP/MD5/HMAC-128

Encryption 3DES-168

IKE Proposal IKE-3DES-MD5

IPCop

IKE Encryption: 3DES

IKE Integrity: MD5

IKE Grouptype: MODP-1024

ESP Encryption: 3DES

ESP Integrity: MD5

ESP Grouptype: MODP-1024

This is what the Concentrator gives in its log files:

[quote]

5736 01/29/2007 11:20:25.660 SEV=4 IKE/41 RPT=93 <REMOTE IP>

IKE Initiator: New Phase 1, Intf 2, IKE Peer <REMOTE IP>

local Proxy Address 10.50.0.0, remote Proxy Address 192.168.0.0,

SA (L2L: Test)

5738 01/29/2007 11:20:26.140 SEV=4 IKE/119 RPT=7322 <REMOTE IP>

Group [<REMOTE IP>]

PHASE 1 COMPLETED

5739 01/29/2007 11:20:26.140 SEV=4 AUTH/22 RPT=7240

User [<REMOTE IP>] Group [<REMOTE IP>] connected, Session Type: IPSec/LAN-to

-LAN

5741 01/29/2007 11:20:26.140 SEV=4 AUTH/84 RPT=228

LAN-to-LAN tunnel to headend device <REMOTE IP> connected

5742 01/29/2007 11:20:26.280 SEV=5 IKE/68 RPT=418 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5744 01/29/2007 11:20:34.210 SEV=5 IKE/68 RPT=419 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid message id (9)

5746 01/29/2007 11:20:42.200 SEV=5 IKE/68 RPT=420 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid message id (9)

5748 01/29/2007 11:20:44.380 SEV=5 IKE/35 RPT=270 <REMOTE IP>

Group [<REMOTE IP>]

Received remote IP Proxy Subnet data in ID Payload:

Address 192.168.0.0, Mask 255.255.255.0, Protocol 0, Port 0

5751 01/29/2007 11:20:44.380 SEV=5 IKE/34 RPT=8016 <REMOTE IP>

Group [<REMOTE IP>]

Received local IP Proxy Subnet data in ID Payload:

Address 10.50.0.0, Mask 255.255.0.0, Protocol 0, Port 0

5754 01/29/2007 11:20:44.380 SEV=5 IKE/66 RPT=8003 <REMOTE IP>

Group [<REMOTE IP>]

IKE Remote Peer configured for SA: L2L: Test

5755 01/29/2007 11:20:44.520 SEV=5 IKE/68 RPT=421 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5756 01/29/2007 11:20:50.210 SEV=5 IKE/68 RPT=422 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid message id (9)

5758 01/29/2007 11:20:52.520 SEV=5 IKE/68 RPT=423 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5759 01/29/2007 11:20:54.660 SEV=5 IKE/68 RPT=424 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5760 01/29/2007 11:20:58.140 SEV=4 IKEDBG/97 RPT=318 <REMOTE IP>

Group [<REMOTE IP>]

QM FSM error (P2 struct &0xaaefc18, mess id 0xf508de2d)!

5761 01/29/2007 11:21:02.660 SEV=5 IKE/68 RPT=425 <REMOTE IP>

Group [<REMOTE IP>]

Received non-routine Notify message: Invalid ID info (18)

5762 01/29/2007 11:21:10.520 SEV=4 IKEDBG/97 RPT=319 <REMOTE IP>

Group [<REMOTE IP>]

QM FSM error (P2 struct &0xadb027c, mess id 0x530bcfc5)!

5763 01/29/2007 11:21:10.530 SEV=4 AUTH/23 RPT=230 <REMOTE IP>

User [<REMOTE IP>] Group [<REMOTE IP>] disconnected: duration: 0:00:44

5764 01/29/2007 11:21:10.530 SEV=4 AUTH/85 RPT=228

LAN-to-LAN tunnel to headend device <REMOTE IP> disconnected: duration: 0:00:44

[/quote]

(I removed the IPs for safety).

I hope somebody who knows more of this stuff can take a look at this. Thanks a lot!
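Added example, not part of the original post and not Cisco code: a small Python parser that groups the Concentrator log above into events and pulls out what matters for triage, namely whether Phase 1 completed, how many Quick Mode (QM FSM) errors followed, which Notify codes the peer sent, and the proxy subnets exchanged in the ID payload. Codes 18 and 9 are the ISAKMP notify types INVALID-ID-INFORMATION and INVALID-MESSAGE-ID (RFC 2408); the function names and the `phase2_failed` reading (Phase 1 up, Quick Mode erroring) are this example's assumptions.

```python
import re
from collections import Counter

# Excerpt of the log posted above (<REMOTE IP> is the poster's redaction).
SAMPLE_LOG = """\
5738 01/29/2007 11:20:26.140 SEV=4 IKE/119 RPT=7322 <REMOTE IP>
Group [<REMOTE IP>]
PHASE 1 COMPLETED
5742 01/29/2007 11:20:26.280 SEV=5 IKE/68 RPT=418 <REMOTE IP>
Group [<REMOTE IP>]
Received non-routine Notify message: Invalid ID info (18)
5748 01/29/2007 11:20:44.380 SEV=5 IKE/35 RPT=270 <REMOTE IP>
Group [<REMOTE IP>]
Received remote IP Proxy Subnet data in ID Payload:
Address 192.168.0.0, Mask 255.255.255.0, Protocol 0, Port 0
5751 01/29/2007 11:20:44.380 SEV=5 IKE/34 RPT=8016 <REMOTE IP>
Group [<REMOTE IP>]
Received local IP Proxy Subnet data in ID Payload:
Address 10.50.0.0, Mask 255.255.0.0, Protocol 0, Port 0
5760 01/29/2007 11:20:58.140 SEV=4 IKEDBG/97 RPT=318 <REMOTE IP>
Group [<REMOTE IP>]
QM FSM error (P2 struct &0xaaefc18, mess id 0xf508de2d)!
"""

HEADER = re.compile(r"^\d+ \S+ \S+ SEV=\d+ \S+/\d+ RPT=\d+")
NOTIFY = re.compile(r"Notify message: .+? \((\d+)\)")
PROXY = re.compile(r"Received (local|remote) IP Proxy Subnet.*?Address (\S+), Mask (\S+),", re.S)

def parse_events(text):
    """Attach body lines to the preceding header line; blank lines are skipped."""
    events = []
    for line in map(str.strip, text.splitlines()):
        if HEADER.match(line):
            events.append(line + "\n")
        elif line and events:
            events[-1] += line + "\n"
    return events

def summarize(events):
    s = {"phase1": False, "qm_errors": 0, "notifies": Counter(), "proxies": {}}
    for ev in events:
        s["phase1"] |= "PHASE 1 COMPLETED" in ev
        s["qm_errors"] += "QM FSM error" in ev
        s["notifies"].update(int(c) for c in NOTIFY.findall(ev))
        for side, addr, mask in PROXY.findall(ev):
            s["proxies"][side] = (addr, mask)
    # Phase 1 up but Quick Mode erroring: the failure is in Phase 2 negotiation.
    s["phase2_failed"] = s["phase1"] and s["qm_errors"] > 0
    return s
```

The `proxies` entry gives the exact network and mask pairs to compare against the local and remote subnet definitions on the other gateway.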

1 REPLY
New Member

Re: VPN Concentrator 3020 - Problem with LAN-to-LAN tunnel

Nobody with experience who can help me a little bit??
