Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
3
Helpful
1
Replies

VPN Wont establish

agent2007
Level 1
Level 1

‎10-16-2007 07:55 AM - edited ‎02-21-2020 03:19 PM

I got a calling saying a site to site vpn went down at lunch time. here is the output from

debug crypto map iskamp

anyone got any ideas why phase 1 wont establish. apparently the config has not changed

004135: Oct 16 15:46:18.252 GMT: ISAKMP:(0): SA request profile is (NULL)

004136: Oct 16 15:46:18.252 GMT: ISAKMP: Created a peer struct for 1.2.3.4, peer port 500

004137: Oct 16 15:46:18.252 GMT: ISAKMP: New peer created peer = 0x66987258 peer_handle = 0x80000091

004138: Oct 16 15:46:18.252 GMT: ISAKMP: Locking peer struct 0x66987258, refcount 1 for isakmp_initiator

004139: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Setting client config settings 648D8E78

004140: Oct 16 15:46:18.252 GMT: ISAKMP: local port 500, remote port 500

004141: Oct 16 15:46:18.252 GMT: ISAKMP: set new node 0 to QM_IDLE

004142: Oct 16 15:46:18.252 GMT: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 642FE3D4

004143: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

004144: Oct 16 15:46:18.252 GMT: ISAKMP:(0):found peer pre-shared key matching 1.2.3.4

004145: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-07 ID

004146: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-03 ID

004147: Oct 16 15:46:18.252 GMT: ISAKMP:(0): constructed NAT-T vendor-02 ID

004148: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

004149: Oct 16 15:46:18.252 GMT: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

004150: Oct 16 15:46:18.252 GMT: ISAKMP:(0): beginning Main Mode exchange

004151: Oct 16 15:46:18.252 GMT: ISAKMP:(0): sending packet to 1.2.3.4 my_port 500 peer_port 500 (I) MM_NO_STATE

Hestia#

Hestia#

Hestia#

004152: Oct 16 15:46:28.251 GMT: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...

004153: Oct 16 15:46:28.251 GMT: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1

004154: Oct 16 15:46:28.251 GMT: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE

004155: Oct 16 15:46:28.251 GMT: ISAKMP:(0): sending packet to 1.2.3.4 my_port 500 peer_port 500 (I) MM_NO_STATE

Labels:
0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎10-22-2007 10:55 AM

Try the commands 'clear crypto sa' and 'clear crypto isakmp' to clear and bring up the tunnel. Refer to URL

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Customers Also Viewed These Support Documents