Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Anonymous
N/A

Can't establish tunnel - send errors in show crypto ipsec sa

When I try establish tunnel form one site router only establish IKE 1 phase. Router from second site sucess established tunnel. What can cause the problem?

This is from te tunnel wich can not create tunnel.

Jun 17 13:12:41.255: ISAKMP (0:2): deleting spi 3698453549 message ID = -621361265

Jun 17 13:12:41.255: ISAKMP (0:2): deleting node -621361265 error TRUE reason "delete_larval"

Jun 17 13:12:41.259: ISAKMP (0:2): deleting node 1828523769 error FALSE reason "informational (in) state 1"

Jun 17 13:12:41.259: ISAKMP (0:2): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

Jun 17 13:12:41.259: ISAKMP (0:2): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

....

Success rate is 0 percent (0/5)

r-war#

Jun 17 13:12:53.587: ISAKMP (0:1): purging SA., sa=82DA60CC, delme=82DA60CC

r-war#show cr

Jun 17 13:13:04.879: IPSEC(key_engine): request timer fired: count = 1,

(identity) local= 192.168.1.1, remote= 192.168.1.50,

local_proxy= 10.0.0.0/255.0.0.0/0/0 (type=4),

remote_proxy= 10.0.2.0/255.255.255.0/0/0 (type=4)

Jun 17 13:13:04.879: IPSEC(sa_request): ,

(key eng. msg.) OUTBOUND local= 192.168.1.1, remote= 192.168.1.50,

local_proxy= 10.0.0.0/255.0.0.0/0/0 (type=4),

remote_proxy= 10.0.2.0/255.255.255.0/0/0 (type=4),

protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),

lifedur= 3600s and 4608000kb,

spi= 0x53F109B0(1408305584), conn_id= 0, keysize= 0, flags= 0x400A

Jun 17 13:13:04.883: ISAKMP: received ke message (1/1)

Jun 17 13:13:04.883: ISAKMP: set new node 0 to QM_IDLE

Jun 17 13:13:04.883: ISAKMP (0:2): sitting IDLE. Starting QM immediately (QM_IDLE )

Jun 17 13:13:04.883: ISAKMP (0:2): beginning Quick Mode exchange, M-ID of 318637877

Jun 17 13:13:04.887: ISAKMP (0:2): sending packet to 192.168.1.50 my_pory

r-war#show crypto t 500 peer_port 500 (I) QM_IDLE

Jun 17 13:13:04.891: ISAKMP (0:2): Node 318637877, Input = IKE_MESG_INTERNAL, IKE_INIT_QM

Jun 17 13:13:04.891: ISAKMP (0:2): Old State = IKE_QM_READY New State = IKE_QM_I_QM1

Jun 17 13:13:04.899: ISAKMP (0:2): received packet from 192.168.1.50 dport 500 sport 500 Global (I) QM_IDLE

Jun 17 13:13:04.899: ISAKMP: set new node -632981586 to QM_IDLE

Jun 17 13:13:04.903: ISAKMP (0:2): processing HASH payload. message ID = -632981586

Jun 17 13:13:04.903: ISAKMP (0:2): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3

spi 1408305584, message ID = -632981586, sa = 827994E4

Jun 17 13:13:04.903: ISAKMP (0:2): deleting spi 1408305584 message ID = 318637877

Jun 17 13:13:04.903: ISAKMP (0:2): deleting node 318637877 error TRUE reason "delete_larval"

Jun 17 13:13:04.903: ISAKMP (0:2): deleting node -632981586 error FALSE reason "informational (in) state 1"

Jun 17 13:13:04.907: ISAKMP (0:2): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

Jun 17 13:13:04.907: ISAKMP (0:2): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

% Incomplete command.

r-war#show cry

r-war#show crypto isa

r-war#show crypto isakmp sa

r-war#show crypto isakmp sa

dst src state conn-id slot

192.168.1.50 192.168.1.1 QM_IDLE 2 0

r-war#show crypto ipse

r-war#show crypto ipsec sa

r-war#show crypto ipsec sa

interface: FastEthernet0/0

Crypto map tag: MAPA, local addr. 192.168.1.1

protected vrf:

local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)

remote ident (addr/mask/prot/port): (10.0.2.0/255.255.255.0/0/0)

current_peer: 192.168.1.50:500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0

#pkts not decompressed: 0, #pkts decompress failed: 0

#send errors 5, #recv errors 0

687
Views
0
Helpful
0
Replies