Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Querying key pair failed

Guys,

I see 10000 messages in the logs from yesterday:

10.9.32.21

CRYPTO

CiscoFacility

QUERY_KEY

CiscoCode

ICMP Type

CRYPTO-3-QUERY_KEY

CiscoAlertCode

ACL Number

CRYPTO:QUERY_KEY

ABC.com

CiscoRouter

Oct 13 2009 16:32:30

3

CISCO

Oct 13 2009 16:32:30

Querying key pair failed.

It seems we have an isakmp policy mismatch? But the side-to-side vpn is active.

Does anyone have idea about this?

Thanks in advance!

1 REPLY
New Member

Re: Querying key pair failed

Hi Guys,

Here is some more information:

The syslog lines look like this:

sentry.log.0:Oct 14 06:33:33 ABC.com 6176168: Oct 14 06:33:32 UTC: %CRYPTO-3-QUERY_KEY: Querying key pair failed.

On the 12th ther were a small number of log lines like: (possibly not related)

sentry.log.1.gz:Oct 12 13:31:19 ABC.com 6076104: Oct 12 13:31:18 UTC: %CRYPTO-4-IKMP_NO_SA: IKE message from 99.XX.XX.XX has no SA and is not an initialization offer

There were also other loglines from that device in te last few days: (possibly not related)

$ grep ABC.com sentry*log sentry.log.0 | grep -v %CRYPTO-3-QUERY_KEY

sentry.log:Oct 14 07:08:51 ABC.com 6177602: Oct 14 07:08:50 UTC: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

sentry.log:Oct 14 07:08:51 ABC.com 6177603: ^Idestaddr=216.XX.XX.XX, prot=50, spi=0x54B6515C(1421234524), srcaddr=84.XX.XX.XX

sentry.log:Oct 14 11:18:51 ABC.com 6188903: Oct 14 11:18:51 UTC: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for

sentry.log:Oct 14 11:18:51 ABC.com 6188904: ^Idestaddr=216.XX.XX.XX, prot=50, spi=0x223E0D70(574492016), srcaddr=84.XX.XX.XX

.......

As of now there are this many log lines matching:

$ grep rtbrd2.wlca.descartes.com sentry*log sentry.log.0 | grep %CRYPTO-3-QUERY_KEY | wc -l

22225

$ Date

Wed Oct 14 19:54:33 UTC 2009

250
Views
0
Helpful
1
Replies
CreatePlease to create content