03-26-2004 04:35 AM - edited 02-21-2020 01:05 PM
What is possible reason of next error-
1w2d: IPSEC(validate_proposal): invalid local address 195.222.**.**
===================================================
1w2d: ISAKMP (0:4): received packet from 194.186.**.** (R) QM_IDLE
1w2d: ISAKMP (0:4): processing HASH payload. message ID = 1862180589
1w2d: ISAKMP (0:4): processing SA payload. message ID = 1862180589
1w2d: ISAKMP (0:4): Checking IPSec proposal 1
1w2d: ISAKMP: transform 1, ESP_DES
1w2d: ISAKMP: attributes in transform:
1w2d: ISAKMP: encaps is 1
1w2d: ISAKMP: SA life type in seconds
1w2d: ISAKMP: SA life duration (basic) of 3600
1w2d: ISAKMP: SA life type in kilobytes
1w2d: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
1w2d: ISAKMP: authenticator is HMAC-MD5
1w2d: IPSEC(validate_proposal): invalid local address 195.222.**.**
1w2d: ISAKMP (0:4): atts not acceptable. Next payload is 0
1w2d: ISAKMP (0:4): phase 2 SA not acceptable!
1w2d: ISAKMP (0:4): sending packet to 194.186.**.** (R) QM_IDLE
1w2d: ISAKMP (0:4): purging node -381201148
1w2d: ISAKMP (0:4): deleting node 1862180589 error FALSE reason "IKMP_NO_ERR_NO_TRANS"
1w2d: ISAKMP (0:4): received packet from 194.186.**.** (R) QM_IDLE
1w2d: ISAKMP (0:4): phase 2 packet is a duplicate of a previous packet.
1w2d: ISAKMP (0:4): retransmitting due to retransmit phase 2
1w2d: ISAKMP (0:4): ignoring retransmission,because phase2 node marked dead -1996220841
3620#
03-26-2004 04:51 AM
i found my mistake -
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml
Invalid Local Address
Below is an example of this error message.
IPSEC(validate_proposal): invalid local address 12.2.6.2
ISAKMP (0:3): atts not acceptable. Next payload is 0
ISAKMP (0:3): SA not acceptable!
This error message is attributed to one of the following two common problems.
The crypto map map-name local-address interface-id command causes the router to use an incorrect address as the identity because it forces the router to use a specified address.
Crypto map is applied to the wrong interface or is not applied at all. Check the configuration to ensure that crypto map is applied to the correct interface.
In my case was Crypto map is applied to the wrong interface .
04-05-2018 01:19 PM
Please check the interface set in the local-address command.
crypto map MyMAP local-address Dialer0
IPSEC(ipsec_process_proposal): invalid local address
Thanks,
Alex
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: