891W to 5505 EZVPN issue...No peer struct to get peer description

Hey everyone,

I've been on the forums looking for a solution to my issue in my lab....

I'm getting the "No peer struct to get peer description" error in my debug. I've done a search on these forums, but the changes that I made did not work for me.


It has to be something simple.....

I am able to ping out to my ASA:

891Demo#ping 38.98.226.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 38.98.226.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 100/106/116 ms

I did a few show commands, listed below, if anyone wants to take a look...


891Demo#sh run

Building configuration...

Current configuration : 6370 bytes

!

! Last configuration change at 20:47:45 UTC Fri Jan 10 2014 by admin

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 891Demo

!

boot-start-marker

boot-end-marker

!

!

logging buffered 52000

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network ciscocp_vpn_group_ml_1 local

!

!

!

!

!

aaa session-id common

service-module wlan-ap 0 bootimage autonomous

!

crypto pki trustpoint TP-self-signed-1670941714

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1670941714

revocation-check none

rsakeypair TP-self-signed-1670941714

!

!

crypto pki certificate chain TP-self-signed-1670941714

certificate self-signed 01

        quit

ip cef

!

!

!

!

!

ip dhcp excluded-address 10.10.10.7 10.10.10.254

!

ip dhcp pool ccp-pool

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 0 2

!

!

!

ip domain name yourdomain.com

no ipv6 cef

ipv6 multicast rpf use-bgp

!

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

!

!

license udi pid CISCO891W-AGN-A-K9 sn FTX171783D3

!

!

username admin privilege 15 password 0 password

!

redundancy

!

!

!

!

!

csdb tcp synwait-time 30

csdb tcp idle-time 3600

csdb tcp finwait-time 5

csdb tcp reassembly max-memory 1024

csdb tcp reassembly max-queue-length 16

csdb udp idle-time 30

csdb icmp idle-time 10

csdb session max-session 65535

!

!

crypto isakmp policy 50

encr 3des

authentication pre-share

group 2

crypto isakmp key D1l2w3r4 address 38.98.226.100

!

crypto isakmp client configuration group VPNGroupZLAB

key D1l2w3r4

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

mode tunnel

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

mode tunnel

!

!

!

crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1

connect auto

group DefaultL2LGroup key D1l2w3r4

mode client

peer 38.98.226.100

username ztest password D1l2w3r4

xauth userid mode local

!

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to38.98.226.100

set peer 38.98.226.100

set transform-set ESP-3DES-SHA

match address 102

!

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

no ip address

!

interface FastEthernet5

no ip address

!

interface FastEthernet6

no ip address

!

interface FastEthernet7

no ip address

!

interface FastEthernet8

no ip address

shutdown

duplex auto

speed auto

!

interface Virtual-Template1 type tunnel

no ip address

tunnel mode ipsec ipv4

!

interface GigabitEthernet0

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map SDM_CMAP_1

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan1

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

no ip address

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.248

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Async1

no ip address

encapsulation slip

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip dns server

ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0 overload

ip route 0.0.0.0 0.0.0.0 192.168.1.1 254

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 192.168.1.1 254

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 dhcp 254

!

ip access-list extended protect_traffic

permit ip host 10.10.10.1 host 10.1.11.1

!

no cdp run

!

route-map SDM_RMAP_1 permit 1

match ip address 101

!

!

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 100 remark CCP_ACL Category=4

access-list 100 remark IPSec Rule

access-list 100 permit ip 10.10.10.0 0.0.0.255 10.1.11.0 0.0.0.255

access-list 101 remark CCP_ACL Category=2

access-list 101 remark IPSec Rule

access-list 101 deny   ip 10.10.10.0 0.0.0.255 10.1.11.0 0.0.0.255

access-list 101 permit ip 10.10.10.0 0.0.0.7 any

access-list 102 remark CCP_ACL Category=4

access-list 102 remark IPSec Rule

access-list 102 permit ip 10.10.10.0 0.0.0.255 10.1.11.0 0.0.0.255

!

!

!

control-plane

!

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

!

!

!

!

!

line con 0

line 1

modem InOut

speed 115200

flowcontrol hardware

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin udptn ssh

line aux 0

line vty 0 4

access-class 23 in

transport input telnet ssh

transport output telnet ssh

line vty 5 15

access-class 23 in

transport input telnet ssh

transport output telnet ssh

!

!

end

=============================================

=============================================

891Demo#sh crypto ipsec sa

interface: GigabitEthernet0

    Crypto map tag: SDM_CMAP_1, local addr 10.0.0.35

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)

   remote ident (addr/mask/prot/port): (10.1.11.0/255.255.255.0/0/0)

   current_peer 38.98.226.100 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0

     local crypto endpt.: 10.0.0.35, remote crypto endpt.: 38.98.226.100

     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0

     current outbound spi: 0x0(0)

     PFS (Y/N): N, DH group: none

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

=============================================

=============================================

891Demo#sho crypto se

Crypto session current status

Interface: GigabitEthernet0

Session status: DOWN

Peer: 38.98.226.100 port 500

  IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.1.11.0/255.255.255.0

        Active SAs: 0, origin: crypto map

891Demo#

*Jan 10 20:56:15.327: No peer struct to get peer description

=============================================

=============================================

891Demo#sh crypto isakmp default pol

Default IKE policy

Default protection suite of priority 65507

        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).

        hash algorithm:         Secure Hash Standard

        authentication method:  Rivest-Shamir-Adleman Signature

        Diffie-Hellman group:   #5 (1536 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65508

        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).

        hash algorithm:         Secure Hash Standard

        authentication method:  Pre-Shared Key

        Diffie-Hellman group:   #5 (1536 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65509

        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).

        hash algorithm:         Message Digest 5

        authentication method:  Rivest-Shamir-Adleman Signature

        Diffie-Hellman group:   #5 (1536 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65510

        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).

        hash algorithm:         Message Digest 5

        authentication method:  Pre-Shared Key

        Diffie-Hellman group:   #5 (1536 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65511

        encryption algorithm:   Three key triple DES

        hash algorithm:         Secure Hash Standard

        authentication method:  Rivest-Shamir-Adleman Signature

        Diffie-Hellman group:   #2 (1024 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65512

        encryption algorithm:   Three key triple DES

        hash algorithm:         Secure Hash Standard

        authentication method:  Pre-Shared Key

        Diffie-Hellman group:   #2 (1024 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65513

        encryption algorithm:   Three key triple DES

        hash algorithm:         Message Digest 5

        authentication method:  Rivest-Shamir-Adleman Signature

        Diffie-Hellman group:   #2 (1024 bit)

        lifetime:               86400 seconds, no volume limit

Default protection suite of priority 65514

        encryption algorithm:   Three key triple DES

        hash algorithm:         Message Digest 5

        authentication method:  Pre-Shared Key

        Diffie-Hellman group:   #2 (1024 bit)

        lifetime:               86400 seconds, no volume limit

Any insight into this would be appreciated; I'm still going to try and figure it out as well.
