
Site to Site IPSEC tunnel between routers does not pass traffic

I have around 50 VPN tunnels (hub and spoke) and three of them fail to pass traffic.  Here is the IPSEC debug from the hub router at 172.18.251.5.  The spoke is at 172.18.13.1.

 

Sep 15 22:26:30.200: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
Sep 15 22:26:30.200: IPSEC: Expand action denied, notify RP
Sep 15 22:26:36.338: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Sep 15 22:26:36.338: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Sep 15 22:26:36.338: IPSEC(key_engine_delete_sas): delete SA with spi 0x7F14EC1E proto 50 for 172.18.13.1
Sep 15 22:26:36.338: IPSEC(update_current_outbound_sa): updated peer 172.18.13.1 current outbound sa to SPI 7F14EC1E
Sep 15 22:26:36.338: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 172.18.251.5, sa_proto= 50, 
    sa_spi= 0x128308AD(310577325), 
    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 5427
    sa_lifetime(k/sec)= (4608000/3600),
  (identity) local= 172.18.251.5:0, remote= 172.18.13.1:0,
    local_proxy= 10.1.2.0/255.255.255.0/256/0,
    remote_proxy= 10.13.2.0/255.255.255.0/256/0
Sep 15 22:26:36.338: IPSEC(update_current_outbound_sa): updated peer 172.18.13.1 current outbound sa to SPI 7F14EC1E
Sep 15 22:26:36.338: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 172.18.13.1, sa_proto= 50, 
    sa_spi= 0x7F14EC1E(2132077598), 
    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 5428
    sa_lifetime(k/sec)= (4608000/3600),
  (identity) local= 172.18.251.5:0, remote= 172.18.13.1:0,
    local_proxy= 10.1.2.0/255.255.255.0/256/0,
    remote_proxy= 10.13.2.0/255.255.255.0/256/0

 
