Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn3000 concentrator error msg! Could not find assigned address for tunnel!

I'm setting up ezvpn connection in network extension mode between 806 router and vpn3030 concentrator. When first time start the vpn connection, the connection works well. But if I disconnects the vpn tunnel, then try to start tunnel again I'm getting folowing errors.

In the VPN3000:

6158 04/16/2004 19:25:55.080 SEV=7 IPSECDBG/1 RPT=407

Could not find assigned address for tunnel!

10728 04/16/2004 19:43:55.910 SEV=6 IKE/38 RPT=13 192.168.22.2

Header invalid, missing SA payload! (next payload = 8)

11696 04/16/2004 19:49:29.190 SEV=6 IKE/0 RPT=34 192.168.22.2

Group [MINoIC] User [chinba]

Removing peer from correlator table failed, no match!

Duplicate Phase 2 packet detected. Retransmitting last packet.

QM FSM error (P2 struct &0xaf27a88, mess id 0x55a8fa80)!

In the 806 router:

00:11:49: ISAKMP (0:1): received packet from 172.16.4.4 dport 500 sport 500 Glob

al (I) QM_IDLE

00:11:49: ISAKMP (0:1): processing HASH payload. message ID = 355151573

00:11:49: ISAKMP (0:1): processing SA payload. message ID = 355151573

00:11:49: ISAKMP (0:1): Checking IPSec proposal 1

00:11:49: ISAKMP: transform 1, ESP_3DES

00:11:49: ISAKMP: attributes in transform:

00:11:49: ISAKMP: SA life type in seconds

00:11:49: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B

00:11:49: ISAKMP: SA life type in kilobytes

00:11:49: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

00:11:49: ISAKMP: encaps is 1

00:11:49: ISAKMP: authenticator is HMAC-MD5

00:11:49: ISAKMP (0:1): atts are acceptable.

00:11:49: IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) INBOUND local= 192.168.22.2, remote= 172.16.4.4,

local_proxy= 172.16.4.14/255.255.255.255/0/0 (type=1),

remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),

protocol= ESP, transform= esp-3des esp-md5-hmac ,

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2

00:11:49: IPSEC(validate_transform_proposal): invalid local address 192.168.22.2

00:11:49: ISAKMP (0:1): IPSec policy invalidated proposal

00:11:49: ISAKMP (0:1): phase 2 SA policy not acceptable! (local 192.168.22.2 re

mote 172.16.4.4)

00:11:49: ISAKMP: set new node -1297068123 to QM_IDLE

If I reload the router, then try to estabilish the tunnel again it works well.

Could you tell me what kind of error it is?

Thanks,

Chinbaatar

1 REPLY
Cisco Employee

Re: vpn3000 concentrator error msg! Could not find assigned addr

This sounds like bug CSCec87805 (http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec87805&cco_product=IOS&fset=&swver=), although I can't tell for sure cause I don't know what SW version you're running. Try upgrading the 806 to one of the Fixed-In versions and see if you still have the problem.

477
Views
0
Helpful
1
Replies