Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3004
Views
0
Helpful
2
Replies

IPSEC(validate_proposal): invalid local address

rmv72
Level 1
Level 1

‎03-26-2004 04:35 AM - edited ‎02-21-2020 01:05 PM

What is possible reason of next error-

1w2d: IPSEC(validate_proposal): invalid local address 195.222.**.**

===================================================

1w2d: ISAKMP (0:4): received packet from 194.186.**.** (R) QM_IDLE

1w2d: ISAKMP (0:4): processing HASH payload. message ID = 1862180589

1w2d: ISAKMP (0:4): processing SA payload. message ID = 1862180589

1w2d: ISAKMP (0:4): Checking IPSec proposal 1

1w2d: ISAKMP: transform 1, ESP_DES

1w2d: ISAKMP: attributes in transform:

1w2d: ISAKMP: encaps is 1

1w2d: ISAKMP: SA life type in seconds

1w2d: ISAKMP: SA life duration (basic) of 3600

1w2d: ISAKMP: SA life type in kilobytes

1w2d: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

1w2d: ISAKMP: authenticator is HMAC-MD5

1w2d: IPSEC(validate_proposal): invalid local address 195.222.**.**

1w2d: ISAKMP (0:4): atts not acceptable. Next payload is 0

1w2d: ISAKMP (0:4): phase 2 SA not acceptable!

1w2d: ISAKMP (0:4): sending packet to 194.186.**.** (R) QM_IDLE

1w2d: ISAKMP (0:4): purging node -381201148

1w2d: ISAKMP (0:4): deleting node 1862180589 error FALSE reason "IKMP_NO_ERR_NO_TRANS"

1w2d: ISAKMP (0:4): received packet from 194.186.**.** (R) QM_IDLE

1w2d: ISAKMP (0:4): phase 2 packet is a duplicate of a previous packet.

1w2d: ISAKMP (0:4): retransmitting due to retransmit phase 2

1w2d: ISAKMP (0:4): ignoring retransmission,because phase2 node marked dead -1996220841

3620#

Labels:
0 Helpful
2 Replies 2

rmv72
Level 1
Level 1

‎03-26-2004 04:51 AM

i found my mistake -

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Invalid Local Address

Below is an example of this error message.

IPSEC(validate_proposal): invalid local address 12.2.6.2

ISAKMP (0:3): atts not acceptable. Next payload is 0

ISAKMP (0:3): SA not acceptable!

This error message is attributed to one of the following two common problems.

The crypto map map-name local-address interface-id command causes the router to use an incorrect address as the identity because it forces the router to use a specified address.

Crypto map is applied to the wrong interface or is not applied at all. Check the configuration to ensure that crypto map is applied to the correct interface.

In my case was Crypto map is applied to the wrong interface .

0 Helpful

Alex Pfeil
Level 7
Level 7
In response to rmv72

‎04-05-2018 01:19 PM

Please check the interface set in the local-address command.

crypto map MyMAP local-address Dialer0

IPSEC(ipsec_process_proposal): invalid local address

 

Thanks,

 

Alex

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents