Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

site to site VPN issue: UC560-SRP

Hello,

I have a problem with traffic nothing is passing in spite of a connected status!!!!!

Pinging  both public address is not allowed.

SRP side:

StatusEnable
Policy NameP1
Local Group TypeIP Address & Subnet
Local Group IP Address192.168.1.0
Local Group IP Subnet255.255.255.0
Remote EndpointIP Address
Remote security gateway addressXXX.XXX.XXX.XXX
Remote security domain name
Remote group typeIP Address & Subnet
Remote group IP192.168.20.0
Remote group Subnet Mask255.255.255.0
Encrypted algorithm3DES
Integrity algorithmMD5
Policy typeAuto
Encryption Algorithm Key
Integrity Algorithm Key

VPN Status
VPN Status
Tunnel Name
Remote Policy
Local Policy
IKE Algorithm
IPSec Algorithm
TX Bytes
RX Bytes
Connect Status
P1192.168.20.0/24192.168.1.0/243DES192-MD
5
3DES0-HMAC
_MD5
00Connected

UC560 side:

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key XXXXXXXXXXX address XXX.XXX.XXX.XXX

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set 50 esp-3des esp-md5-hmac

!

!

crypto map VPN_STS 10 ipsec-isakmp

set peer XXX.XXX.XXX.XXX

set security-association lifetime seconds 900

set transform-set 50

match address 120

!

!

!

interface Dialer1

crypto map VPN_STS

!

!

!

access-list 120 permit ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255

!

!

SHOW IN UC560:

sh crypto isakmp sa

     dst                                 src                            state                    conn-id status

XXX.XXX.XXX.XXX    XXX.XXX.XXX.XXXX        QM_IDLE           2039 ACTIVE

DEBUG

042696: Jul 22 08:28:49.115: ISAKMP:(2040):purging node 292181716

042697: Jul 22 08:28:49.143: ISAKMP:(2040):purging node 1120028821

042698: Jul 22 08:29:02.683: ISAKMP (2040): received packet from XXX.XXX.XXX.XXX dport 4500 sport 1117 Global (R) QM_IDLE     

042699: Jul 22 08:29:02.683: ISAKMP: set new node -296987558 to QM_IDLE     

042700: Jul 22 08:29:02.683: ISAKMP:(2040): processing HASH payload. message ID = 3997979738

042701: Jul 22 08:29:02.683: ISAKMP:(2040): processing NOTIFY DPD/R_U_THERE protocol 1

spi 0, message ID = 3997979738, sa = 0x86AC795C

042702: Jul 22 08:29:02.683: ISAKMP:(2040):deleting node -296987558 error FALSE reason "Informational (in) state 1"

042703: Jul 22 08:29:02.683: ISAKMP:(2040):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

042704: Jul 22 08:29:02.683: ISAKMP:(2040):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

042705: Jul 22 08:29:02.683: ISAKMP:(2040):DPD/R_U_THERE received from peer XXX.XXX.XXX.XXX, sequence 0xAD1FD6F2

042706: Jul 22 08:29:02.683: ISAKMP: set new node 138975719 to QM_IDLE     

042707: Jul 22 08:29:02.683: ISAKMP:(2040):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1

spi 2290269104, message ID = 138975719

042708: Jul 22 08:29:02.683: ISAKMP:(2040): seq. no 0xAD1FD6F2

042709: Jul 22 08:29:02.683: ISAKMP:(2040): sending packet to XXX.XXX.XXX.XXX my_port 4500 peer_port 1117 (R) QM_IDLE     

042710: Jul 22 08:29:02.683: ISAKMP:(2040):Sending an IKE IPv4 Packet.

042711: Jul 22 08:29:02.683: ISAKMP:(2040):purging node 138975719

042712: Jul 22 08:29:02.683: ISAKMP:(2040):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE

042713: Jul 22 08:29:02.683: ISAKMP:(2040):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

ISAKMP (2040): received packet from

042696: Jul 22 08:28:49.115: ISAKMP:(2040):purging node 292181716

042697: Jul 22 08:28:49.143: ISAKMP:(2040):purging node 1120028821

042698: Jul 22 08:29:02.683: ISAKMP (2040): received packet from XXX.XXX.XXX.XXX dport 4500 sport 1117 Global (R) QM_IDLE     

042699: Jul 22 08:29:02.683: ISAKMP: set new node -296987558 to QM_IDLE     

042700: Jul 22 08:29:02.683: ISAKMP:(2040): processing HASH payload. message ID = 3997979738

042701: Jul 22 08:29:02.683: ISAKMP:(2040): processing NOTIFY DPD/R_U_THERE protocol 1

spi 0, message ID = 3997979738, sa = 0x86AC795C

042702: Jul 22 08:29:02.683: ISAKMP:(2040):deleting node -296987558 error FALSE reason "Informational (in) state 1"

042703: Jul 22 08:29:02.683: ISAKMP:(2040):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

042704: Jul 22 08:29:02.683: ISAKMP:(2040):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

042705: Jul 22 08:29:02.683: ISAKMP:(2040):DPD/R_U_THERE received from peer XXX.XXX.XXX.XXX, sequence 0xAD1FD6F2

042706: Jul 22 08:29:02.683: ISAKMP: set new node 138975719 to QM_IDLE     

042707: Jul 22 08:29:02.683: ISAKMP:(2040):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1

spi 2290269104, message ID = 138975719

042708: Jul 22 08:29:02.683: ISAKMP:(2040): seq. no 0xAD1FD6F2

042709: Jul 22 08:29:02.683: ISAKMP:(2040): sending packet to XXX.XXX.XXX.XXX my_port 4500 peer_port 1117 (R) QM_IDLE     

042710: Jul 22 08:29:02.683: ISAKMP:(2040):Sending an IKE IPv4 Packet.

042711: Jul 22 08:29:02.683: ISAKMP:(2040):purging node 138975719

042712: Jul 22 08:29:02.683: ISAKMP:(2040):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE

042713: Jul 22 08:29:02.683: ISAKMP:(2040):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE  dport 4500 sport 1117 Global (R) QM_IDLE     

042729: Jul 22 08:32:20.467: ISAKMP: set new node 454410426 to QM_IDLE     

042730: Jul 22 08:32:20.467: ISAKMP:(2040): processing HASH payload. message ID = 454410426

042731: Jul 22 08:32:20.467: ISAKMP:(2040): processing NOTIFY DPD/R_U_THERE protocol 1

spi 0, message ID = 454410426, sa = 0x86AC795C

042732: Jul 22 08:32:20.467: ISAKMP:(2040):deleting node 454410426 error FALSE reason "Informational (in) state 1"

042733: Jul 22 08:32:20.467: ISAKMP:(2040):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

042734: Jul 22 08:32:20.467: ISAKMP:(2040):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

042735: Jul 22 08:32:20.467: ISAKMP:(2040):DPD/R_U_THERE received from peer

042696: Jul 22 08:28:49.115: ISAKMP:(2040):purging node 292181716

042697: Jul 22 08:28:49.143: ISAKMP:(2040):purging node 1120028821

042698: Jul 22 08:29:02.683: ISAKMP (2040): received packet from XXX.XXX.XXX.XXX dport 4500 sport 1117 Global (R) QM_IDLE     

042699: Jul 22 08:29:02.683: ISAKMP: set new node -296987558 to QM_IDLE     

042700: Jul 22 08:29:02.683: ISAKMP:(2040): processing HASH payload. message ID = 3997979738

042701: Jul 22 08:29:02.683: ISAKMP:(2040): processing NOTIFY DPD/R_U_THERE protocol 1

spi 0, message ID = 3997979738, sa = 0x86AC795C

042702: Jul 22 08:29:02.683: ISAKMP:(2040):deleting node -296987558 error FALSE reason "Informational (in) state 1"

042703: Jul 22 08:29:02.683: ISAKMP:(2040):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

042704: Jul 22 08:29:02.683: ISAKMP:(2040):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

123
Views
0
Helpful
0
Replies
CreatePlease to create content