Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GETVPN : GM is not registering with KS

Hi All ,

We are haing 7206VXR router with version of c7200p-advsecurityk9-mz.150-1.M8.bin . Previously it was able to register with KS and it was working fine .But for the last four days it is not happening for this branch , whereas remaining and all working fine . We are getting the below error logs ,

Mar  4 10:02:07 IST: %CRYPTO-5-GM_REGSTER: Start registration to KS x.x.x.x for group GETVPNGROUP using address x.x.x.x

*Mar  4 10:02:07 IST: %CRYPTO-6-GDOI_ON_OFF: GDOI is ON

*Mar  4 10:02:08 IST: %GDOI-5-GM_REKEY_TRANS_2_UNI: Group GETVPNGROUP transitioned to Unicast Rekey.

*Mar  4 10:02:08 IST: %GDOI-3-GM_NO_IPSEC_FLOWS: IPSec FLOW limit possibly reached

*Mar  4 10:02:08 IST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of GDOI mode failed with peer at x.x.x.x

C7206_01(config-if)#

*Mar  4 10:02:08 IST: %CRYPTO-5-GM_REGSTER: Start registration to KS x.x.x.x for group GETVPN_GROUP using address x.x.x.x

Any suggestion on this would be helpful.

Thanks.,

Vijay.

1 REPLY
Hall of Fame Super Silver

GETVPN : GM is not registering with KS

Vijay

Has something changed recently? Can you verify IP connectivity between the GM and the key server? Are there any log messages on the key server about the attempt from the GM that might shed light on the problem?

HTH

Rick

238
Views
0
Helpful
1
Replies
CreatePlease login to create content