Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Concentrator 3005 to Nortel Vpn Router

I would like to open a vpn ipsec tunnel beetween c3005 and a nortel vpn router

ipsec phase 1 is ok but

ipsec phase 2 don't go at the end

29898 10/06/2006 14:10:53.330 SEV=7 IPSECDBG/14 RPT=6

Sending KEY_ACQUIRE to IKE for src 83.206.4.82, dst 81.255.207.146

29899 10/06/2006 14:10:53.330 SEV=4 IKE/41 RPT=9429 81.255.207.146

IKE Initiator: New Phase 1, Intf 2, IKE Peer 81.255.207.146

local Proxy Address 83.206.4.82, remote Proxy Address 81.255.207.146,

SA (L2L: ToLanAunay)

29902 10/06/2006 14:10:54.150 SEV=4 IKE/119 RPT=5899 81.255.207.146

Group [L2L: ToLanAunay]

PHASE 1 COMPLETED

29903 10/06/2006 14:10:54.150 SEV=4 AUTH/22 RPT=5813

User [L2L: ToLanAunay] Group [L2L: ToLanAunay] connected, Session Type: IPSec/LA

N-to-LAN

29905 10/06/2006 14:10:54.150 SEV=4 AUTH/84 RPT=3727

LAN-to-LAN tunnel to headend device 81.255.207.146 connected

29906 10/06/2006 14:10:54.150 SEV=9 IPSECDBG/6 RPT=12

IPSEC key message parse - msgtype 6, len 208, vers 1, pid 00000000, seq 6386, er

r 0, type 2, mode 0, state 32, label 0, pad 0, spi 0x00000000, encrKeyLen 0, has

hKeyLen 0, ivlen 0, alg 0, hmacAlg 0, lifetype 0, lifetime1 1110380, lifetime2 0

, dsId 300

29910 10/06/2006 14:10:54.150 SEV=9 IPSECDBG/1 RPT=18

Processing KEY_GETSPI msg!

29911 10/06/2006 14:10:54.160 SEV=7 IPSECDBG/13 RPT=6

Reserved SPI 0x1331e69c

29912 10/06/2006 14:10:54.200 SEV=5 IKE/68 RPT=12816 81.255.207.146

Group [L2L: ToLanAunay]

Received non-routine Notify message: Invalid ID info (18)

29914 10/06/2006 14:11:02.190 SEV=5 IKE/68 RPT=12817 81.255.207.146

Group [L2L: ToLanAunay]

Received non-routine Notify message: Invalid ID info (18)

29916 10/06/2006 14:11:10.200 SEV=5 IKE/68 RPT=12818 81.255.207.146

Group [L2L: ToLanAunay]

Received non-routine Notify message: Invalid ID info (18)

29918 10/06/2006 14:11:18.190 SEV=5 IKE/68 RPT=12819 81.255.207.146

Group [L2L: ToLanAunay]

Received non-routine Notify message: Invalid ID info (18)

29920 10/06/2006 14:11:26.160 SEV=4 IKEDBG/97 RPT=3285 81.255.207.146

Group [L2L: ToLanAunay]

QM FSM error (P2 struct &0x3587bf8, mess id 0x2f451c1f)!

29921 10/06/2006 14:11:26.170 SEV=4 AUTH/23 RPT=3730 81.255.207.146

User [L2L: ToLanAunay] Group [L2L: ToLanAunay] disconnected: duration: 0:00:32

29922 10/06/2006 14:11:26.170 SEV=4 AUTH/85 RPT=3726

LAN-to-LAN tunnel to headend device 81.255.207.146 disconnected: duration: 0:00:

32

29924 10/06/2006 14:11:26.170 SEV=9 IPSECDBG/6 RPT=13

IPSEC key message parse - msgtype 2, len 274, vers 1, pid 00000000, seq 0, err 0

, type 2, mode 0, state 32, label 0, pad 0, spi 0x1331e69c, encrKeyLen 0, hashKe

yLen 0, ivlen 0, alg 0, hmacAlg 0, lifetype 0, lifetime1 1110380, lifetime2 0, d

sId 0

29928 10/06/2006 14:11:26.170 SEV=9 IPSECDBG/1 RPT=19

Processing KEY_DELETE msg!

29929 10/06/2006 14:11:26.170 SEV=7 IPSECDBG/1 RPT=20

Could not find assigned address for tunnel!

1 REPLY
Cisco Employee

Re: Concentrator 3005 to Nortel Vpn Router

Jean,

What is the local and remote network that you are trying to encrypt.

Make sure that the Local Network List and Remote Network List are configured correctly and also should be mirror image on the Nortel Side.

For example, refer the below VPN sample configuration between VPN3000 and CheckPoint.

http://www.cisco.com/warp/customer/471/vpn3k-checkpt.html#

Let me know if it helps.

Regards,

Arul

192
Views
0
Helpful
1
Replies