Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

The user receives the ISAKMP (0:xxx): deleting SA reason gen_ipsec_isakmp_delete but doi isakmp state (I) MM_KEY_EXCH (peer x.x.x.x) input queue 0 message

Core issue

The output of the show crypto isa sa command shows the MM_KEY_EXCH status.

Resolution

Make sure the preshared key is correctly configured. To reset the preshared key, issue this command: 

isakmp key ******** address 172.16.172.34 255.255.255.255 no-xauth no-config-mode

Note: The pre-shared key is designated by asterisks (***).

If the keys do not match, issue this command to remove the line:

no isakmp key ******** address 172.16.172.34 255.255.255.255 no-xauth no-config-mode

Re-issue the command with the correct pre-shared key.

The IP address mentioned for preshared key is the appropriate address of the opposite end.

For further troubleshooting, capture VPN debugs from both ends, and look for a more specific error message.

For an explanation of common debug error messages used in troubleshooting IPSec issues, refer to IP Security Troubleshooting - Understanding and Using debug Commands.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:13 PM
Updated by:
 
Labels (1)