06-29-2009 03:54 AM - edited 02-21-2020 03:32 AM
Hi there,
I am establishing a Site-to-site VPN connection with one of our clients and this just the first time we are using integrated Services SPA of CISCO installed to our 7609 router.
The configuration and logs is attached in this one. I am basically confused and unsure where exactly we are failing in the VPN parameter negotiations. I am attaching the configuration as well as the logs taken from our router.
06-29-2009 06:49 AM
ISAKMP phase 1 is failing. Check your ISAKMP config and passwords. They need to match on each side. Here's a link to an excellent VPN troubleshooting guide.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
07-01-2009 09:34 PM
Hi Collin,
We have checked and it seems we do have an exact match in the VPN parameters. One thing I have noticed though is that I am recieving a duplicate Phase 1 form their end. What are the possible reason for this one?
Jul 2 13:33:38.153: ISAKMP (0): received packet from ***.***.***.*** dport 500 sport 500 Global (R) MM_SA_SETUP
Jul 2 13:33:38.157: ISAKMP:(0): phase 1 packet is a duplicate of a previous packet.
Jul 2 13:33:38.157: ISAKMP:(0): retransmitting due to retransmit phase 1
Jul 2 13:33:38.157: ISAKMP:(0): retransmitting phase 1 MM_SA_SETUP...
07-09-2009 10:19 PM
Hi We were finally able to get past the first error. However I am now seeing this error.. What could this mean?
Jul 10 14:09:25.999: ISAKMP:(68516):Send initial contact
Jul 10 14:09:25.999: ISAKMP:(68516):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jul 10 14:09:25.999: ISAKMP (68516): ID payload
next-payload : 8
type : 1
address : yyy.yyy.yyy.yyy
protocol : 17
port : 500
length : 12
Jul 10 14:09:25.999: ISAKMP:(68516):Total payload length: 12
Jul 10 14:09:25.999: crypto_engine: Generate IKE hash
Jul 10 14:09:25.999: crypto_engine: Encrypt IKE packet
Jul 10 14:09:25.999: ISAKMP:(68516): sending packet to ***.***.***.*** my_port 500 peer_port 500 (I) MM_KEY_EXCH
Jul 10 14:09:25.999: ISAKMP:(68516):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 10 14:09:25.999: ISAKMP:(68516):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jul 10 14:09:26.127: ISAKMP (68516): received packet from ***.***.***.*** dport 500 sport 500 Global (I) MM_KEY_EXCH
Jul 10 14:09:26.127: crypto_engine: Decrypt IKE packet
Jul 10 14:09:26.127: ISAKMP:(68516): processing ID payload. message ID = 0
Jul 10 14:09:26.127: ISAKMP (68516): ID payload
next-payload : 8
type : 2
FQDN name : easytrip.default.domain.invalid
protocol : 0
port : 0
length : 39
Jul 10 14:09:26.127: ISAKMP:(68516):Expected EasyTripPROFILE profile doesn't match, aborting exchange
Jul 10 14:09:26.127: ISAKMP (68516): FSM action returned error: 2
Jul 10 14:09:26.127: ISAKMP:(68516):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 10 14:09:26.127: ISAKMP:(68516):Old State = IKE_I_MM5 New State = IKE_I_MM6
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide