Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IKE Initiator unable to find policy: Intf OUTSIDE on site to site vpn

Dear Sir,

iam facing strage problem is we have site to site tunnel established phase 1 is comleeted but there is no traffic on responder side and when i debug ipsec iam getting the fallowing eoor

[IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:04 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.21, Dst: 144.36.220.225

Oct 22 13:49:07 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:07 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.21, Dst: 144.36.220.225

Oct 22 13:49:12 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:12 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.15, Dst: 144.36.220.225

Oct 22 13:49:12 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:12 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.16, Dst: 144.36.220.225

Oct 22 13:49:13 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:13 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.21, Dst: 144.36.220.225

Oct 22 13:49:15 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:15 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.16, Dst: 144.36.220.225

Oct 22 13:49:18 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:18 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.15, Dst: 144.36.220.225

Oct 22 13:49:19 [IKEv1]: IP = 144.36.220.8, IKE_DECODE RECEIVED Message (msgid=dd278862) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

____sh crypto ipsec sa peer 144.36.X.X

peer address: 144.36.X.X

    Crypto map tag: OUTSIDE_map, seq num: 1, local addr: 223.27.122.35

      access-list OUTSIDE_1_cryptomap extended permit ip 10.242.108.0 255.255.252.0 host 144.36.220.225

      local ident (addr/mask/prot/port): (10.242.108.0/255.255.255.0/0/0)

      remote ident (addr/mask/prot/port): (144.36.220.225/255.255.255.255/0/0)

      current_peer: 144.36.220.8

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

      #pkts decaps: 11, #pkts decrypt: 11, #pkts verify: 11

      #pkts compressed: 0, #pkts decompressed: 0

      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0

      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0

      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0

      #send errors: 0, #recv errors: 0

      local crypto endpt.: 223.27.122.35/0, remote crypto endpt.: 144.36.220.8/0

      path mtu 1500, ipsec overhead 58, media mtu 1500

      current outbound spi: 0498B939

      current inbound spi : C2BC877D

    inbound esp sas:

      spi: 0xC2BC877D (3267135357)

         transform: esp-3des esp-sha-hmac no compression

         in use settings ={L2L, Tunnel, }

<--- More --->

         slot: 0, conn_id: 65536, crypto-map: OUTSIDE_map

         sa timing: remaining key lifetime (kB/sec): (4373999/2126)

         IV size: 8 bytes

         replay detection support: Y

         Anti replay bitmap:

          0x00000000 0x00000FFF

    outbound esp sas:

      spi: 0x0498B939 (77117753)

         transform: esp-3des esp-sha-hmac no compression

         in use settings ={L2L, Tunnel, }

         slot: 0, conn_id: 65536, crypto-map: OUTSIDE_map

         sa timing: remaining key lifetime (kB/sec): (4374000/2126)

         IV size: 8 bytes

         replay detection support: Y

         Anti replay bitmap:

          0x00000000 0x00000001

can any body help me to how can i fix the problem

Thanks in advance

Srinivas

1 REPLY
Super Bronze

IKE Initiator unable to find policy: Intf OUTSIDE on site to sit

Hi,

I am not quite sure what the problem is but if you could provide the configurations I could go through them and see if there is anything there that might cause problems.

- Jouni

411
Views
0
Helpful
1
Replies
CreatePlease login to create content