Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Wont establish

I got a calling saying a site to site vpn went down at lunch time. here is the output from

debug crypto map iskamp

anyone got any ideas why phase 1 wont establish. apparently the config has not changed

004135: Oct 16 15:46:18.252 GMT: ISAKMP:(0): SA request profile is (NULL)

004136: Oct 16 15:46:18.252 GMT: ISAKMP: Created a peer struct for 1.2.3.4, peer port 500

004137: Oct 16 15:46:18.252 GMT: ISAKMP: New peer created peer = 0x66987258 peer_handle = 0x80000091

004138: Oct 16 15:46:18.252 GMT: ISAKMP: Locking peer struct 0x66987258, refcount 1 for isakmp_initiator

004139: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Setting client config settings 648D8E78

004140: Oct 16 15:46:18.252 GMT: ISAKMP: local port 500, remote port 500

004141: Oct 16 15:46:18.252 GMT: ISAKMP: set new node 0 to QM_IDLE

004142: Oct 16 15:46:18.252 GMT: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 642FE3D4

004143: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

004144: Oct 16 15:46:18.252 GMT: ISAKMP:(0):found peer pre-shared key matching 1.2.3.4

004145: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-07 ID

004146: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-03 ID

004147: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-02 ID

004148: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

004149: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

004150: Oct 16 15:46:18.252 GMT: ISAKMP:(0): beginning Main Mode exchange

004151: Oct 16 15:46:18.252 GMT: ISAKMP:(0): sending packet to 1.2.3.4 my_port 500 peer_port 500 (I) MM_NO_STATE

Hestia#

Hestia#

Hestia#

004152: Oct 16 15:46:28.251 GMT: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

004153: Oct 16 15:46:28.251 GMT: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

004154: Oct 16 15:46:28.251 GMT: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

004155: Oct 16 15:46:28.251 GMT: ISAKMP:(0): sending packet to 1.2.3.4 my_port 500 peer_port 500 (I) MM_NO_STATE

1 REPLY
Silver

Re: VPN Wont establish

Try the commands 'clear crypto sa' and 'clear crypto isakmp' to clear and bring up the tunnel. Refer to URL

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

298
Views
3
Helpful
1
Replies