Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC(validate_proposal): invalid local address

What is possible reason of next error-

1w2d: IPSEC(validate_proposal): invalid local address 195.222.**.**

===================================================

1w2d: ISAKMP (0:4): received packet from 194.186.**.** (R) QM_IDLE

1w2d: ISAKMP (0:4): processing HASH payload. message ID = 1862180589

1w2d: ISAKMP (0:4): processing SA payload. message ID = 1862180589

1w2d: ISAKMP (0:4): Checking IPSec proposal 1

1w2d: ISAKMP: transform 1, ESP_DES

1w2d: ISAKMP: attributes in transform:

1w2d: ISAKMP: encaps is 1

1w2d: ISAKMP: SA life type in seconds

1w2d: ISAKMP: SA life duration (basic) of 3600

1w2d: ISAKMP: SA life type in kilobytes

1w2d: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

1w2d: ISAKMP: authenticator is HMAC-MD5

1w2d: IPSEC(validate_proposal): invalid local address 195.222.**.**

1w2d: ISAKMP (0:4): atts not acceptable. Next payload is 0

1w2d: ISAKMP (0:4): phase 2 SA not acceptable!

1w2d: ISAKMP (0:4): sending packet to 194.186.**.** (R) QM_IDLE

1w2d: ISAKMP (0:4): purging node -381201148

1w2d: ISAKMP (0:4): deleting node 1862180589 error FALSE reason "IKMP_NO_ERR_NO_TRANS"

1w2d: ISAKMP (0:4): received packet from 194.186.**.** (R) QM_IDLE

1w2d: ISAKMP (0:4): phase 2 packet is a duplicate of a previous packet.

1w2d: ISAKMP (0:4): retransmitting due to retransmit phase 2

1w2d: ISAKMP (0:4): ignoring retransmission,because phase2 node marked dead -1996220841

3620#

1 REPLY
New Member

Re: IPSEC(validate_proposal): invalid local address

i found my mistake -

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Invalid Local Address

Below is an example of this error message.

IPSEC(validate_proposal): invalid local address 12.2.6.2

ISAKMP (0:3): atts not acceptable. Next payload is 0

ISAKMP (0:3): SA not acceptable!

This error message is attributed to one of the following two common problems.

The crypto map map-name local-address interface-id command causes the router to use an incorrect address as the identity because it forces the router to use a specified address.

Crypto map is applied to the wrong interface or is not applied at all. Check the configuration to ensure that crypto map is applied to the correct interface.

In my case was Crypto map is applied to the wrong interface .

1045
Views
0
Helpful
1
Replies
CreatePlease to create content