Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MM_NO_state

I've set up a vpn tunnel ,when i enter the sh crypto isakmp sa command i get the message:

dst src

"peer IP" "my IP" state conn-id slot

MM_KEY_EXCH 2 0

and later i get this message

dst src

"peer IP" "my IP" state conn-id slot

MM_NO_state 2 0

the policy requirements are:

from the other peer side, they have a concentrator 3015,

Authentication

ESP/MD5/HMAC-128

Encryption

3DES-168

from my side i have a cisco router 805

and this is the policy that i have done:

Protection suite of priority 20

encryption algorithm:Three key triple DES

hash algorithm:Secure Hash Standard

authentication method: Pre-Shared Key

Diffie-Hellman group: #2 (1024 bit)

lifetime:86400 seconds, no volume limit

any solution please?

1 REPLY
Silver

Re: MM_NO_state

MM_KEY_EXCH and MM_NO_STATE are some of the states that may be displayed in the output of the show crypto isakmp sa command.

Meaning of the states you have mentioned:

1)MM_KEY_EXCH::

This message says that the peers have exchanged Diffie-Hellman public keys and have generated a shared secret. The ISAKMP SA remains unauthenticated.

2)MM_NO_STATE::

This message says that the ISAKMP SA has been created, but nothing else has happened yet. It is "larval" at this stage(there is no state at present).

For more info about the "show crypto isakmp sa command" refer the URL below:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_r1g.html#wp107407

1426
Views
0
Helpful
1
Replies