Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN connection not establishing..

Hi,

I have configured simple Site to Site VPN connectivity, but the connection is not establishing..

Tunnel interface is also showing down.

Below is config on my router CISCO3945

crypto isakmp policy 2

encr 3des

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ********* address 115.249.217.155

!

!

crypto ipsec transform-set IMLFEED esp-3des esp-sha-hmac

crypto map IML 1 ipsec-isakmp

set peer 115.249.217.155

set transform-set IMLFEED

match address 140

interface GigabitEthernet0/0

description ***** LAN *****

ip address 10.7.115.6 255.255.255.252

ip pim sparse-mode

duplex auto

speed auto

!

interface GigabitEthernet0/1

description ***** Connected to Reliance Internet *****

ip address 115.254.106.165 255.255.255.252

duplex auto

speed auto

crypto map IML

ip route 0.0.0.0 0.0.0.0 115.254.106.166

!

access-list 140 permit gre host 115.254.106.165 host 115.249.217.155

Config on Remote (Linux Base VPN)

$ cat /etc/ipsec.conf

conn bse

        auto=start

        type=transport

        authby=secret

        ike=3des-sha1-modp1024              #3des group2

        ikelifetime=8h

        esp=3des-sha1

        keylife=1h

        pfs=no

        ###our gateway

        left=115.249.217.155

        leftnexthop=115.249.217.153

        leftsubnet=10.0.0.0/16

        leftsourceip=10.7.121.2

        ###remote peer

        right=115.254.106.165

        rightnexthop=10.0.5.1

        rightnexthop=10.7.121.1

        rightsubnet=10.7.121.4/30

        rightsourceip=10.7.121.1

        rightprotoport=47

Below is output on my Router CISCO3945.

ZL1VPN-C3945#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

115.249.217.155 115.254.106.165 MM_NO_STATE          0 ACTIVE

IPv6 Crypto ISAKMP SA

ZL1VPN-C3945#sh crypto session

Crypto session current status

Interface: GigabitEthernet0/1

Session status: DOWN-NEGOTIATING

Peer: 115.249.217.155 port 500

  IKEv1 SA: local 115.254.106.165/500 remote 115.249.217.155/500 Inactive

  IKEv1 SA: local 115.254.106.165/500 remote 115.249.217.155/500 Inactive

  IPSEC FLOW: permit 47 host 115.254.106.165 host 115.249.217.155

        Active SAs: 0, origin: crypto map

And also debug on my router CISCO3945

*********************************************************************************************************************

Oct 24 13:55:26.713: ISAKMP: set new node 0 to QM_IDLE

Oct 24 13:55:26.713: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 246B1E0

Oct 24 13:55:26.713: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

Oct 24 13:55:26.713: ISAKMP:(0):found peer pre-shared key matching 115.249.217.155

Oct 24 13:55:26.713: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

Oct 24 13:55:26.713: ISAKMP:(0): constructed NAT-T vendor-07 ID

Oct 24 13:55:26.713: ISAKMP:(0): constructed NAT-T vendor-03 ID

Oct 24 13:55:26.713: ISAKMP:(0): constructed NAT-T vendor-02 ID

Oct 24 13:55:26.713: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

Oct 24 13:55:26.713: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1

Oct 24 13:55:26.713: ISAKMP:(0): beginning Main Mode exchange

Oct 24 13:55:26.713: ISAKMP:(0): sending packet to 115.249.217.155 my_port 500 peer_port 500 (I) MM_NO_STATE

Oct 24 13:55:26.713: ISAKMP:(0):Sending an IKE IPv4 Packet.

Oct 24 13:55:26.749: ISAKMP (0): received packet from 115.249.217.155 dport 500 sport 500 Global (I)

MM_NO_STATE

Oct 24 13:55:26.749: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:26.749: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2

Oct 24 13:55:26.749: ISAKMP:(0): processing SA payload. message ID = 0

Oct 24 13:55:26.749: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:26.749: ISAKMP:(0): vendor ID seems Unity/DPD but major 0 mismatch

Oct 24 13:55:26.749: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:26.749: ISAKMP:(0): vendor ID is DPD

Oct 24 13:55:26.749: ISAKMP:(0):found peer pre-shared key matching 115.249.217.155

Oct 24 13:55:26.749: ISAKMP:(0): local preshared key found

Oct 24 13:55:26.749: ISAKMP : Scanning profiles for xauth ...

Oct 24 13:55:26.749: ISAKMP:(0):Checking ISAKMP transform 1 against priority 2 policy

Oct 24 13:55:26.749: ISAKMP:      encryption 3DES-CBC

Oct 24 13:55:26.749: ISAKMP:      hash SHA

Oct 24 13:55:26.749: ISAKMP:      default group 2

Oct 24 13:55:26.749: ISAKMP:      auth pre-share

Oct 24 13:55:26.749: ISAKMP:      life type in seconds

Oct 24 13:55:26.749: ISAKMP:      life duration (basic) of 3600

Oct 24 13:55:26.749: ISAKMP:(0):atts are acceptable. Next payload is 0

Oct 24 13:55:26.749: ISAKMP:(0):Acceptable atts:actual life: 0

Oct 24 13:55:26.749: ISAKMP:(0):Acceptable atts:life: 0

Oct 24 13:55:26.749: ISAKMP:(0):Basic life_in_seconds:3600

Oct 24 13:55:26.749: ISAKMP:(0):Returning Actual lifetime: 3600

Oct 24 13:55:26.749: ISAKMP:(0)::Started lifetime timer: 3600.

Oct 24 13:55:26.749: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:26.749: ISAKMP:(0): vendor ID seems Unity/DPD but major 0 mismatch

Oct 24 13:55:26.749: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:26.749: ISAKMP:(0): vendor ID is DPD

Oct 24 13:55:26.749: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Oct 24 13:55:26.749: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2

Oct 24 13:55:26.749: ISAKMP:(0): sending packet to 115.249.217.155 my_port 500 peer_port 500 (I) MM_SA_SETUP

Oct 24 13:55:26.749: ISAKMP:(0):Sending an IKE IPv4 Packet.

Oct 24 13:55:26.749: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Oct 24 13:55:26.749: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3

Oct 24 13:55:26.789: ISAKMP (0): received packet from 115.249.217.155 dport 500 sport 500 Global (I)

MM_SA_SETUP

Oct 24 13:55:26.789: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:26.789: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4

Oct 24 13:55:26.789: ISAKMP:(0): processing KE payload. message ID = 0

Oct 24 13:55:26.789: ISAKMP:(0): processing NONCE payload. message ID = 0

Oct 24 13:55:26.789: ISAKMP:(0):found peer pre-shared key matching 115.249.217.155

Oct 24 13:55:26.789: ISAKMP:(9145):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Oct 24 13:55:26.789: ISAKMP:(9145):Old State = IKE_I_MM4  New State = IKE_I_MM4

Oct 24 13:55:26.789: ISAKMP:(9145):Send initial contact

Oct 24 13:55:26.789: ISAKMP:(9145):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

Oct 24 13:55:26.789: ISAKMP (9145): ID payload

        next-payload : 8

        type         : 1

        address      : 115.254.106.165

        protocol     : 17

        port         : 500

        length       : 12

Oct 24 13:55:26.789: ISAKMP:(9145):Total payload length: 12

Oct 24 13:55:26.789: ISAKMP:(9145): sending packet to 115.249.217.155 my_port 500 peer_port 500 (I) MM_KEY_EXCH

Oct 24 13:55:26.789: ISAKMP:(9145):Sending an IKE IPv4 Packet.

Oct 24 13:55:26.789: ISAKMP:(9145):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Oct 24 13:55:26.789: ISAKMP:(9145):Old State = IKE_I_MM4  New State = IKE_I_MM5

Oct 24 13:55:26.829: ISAKMP (9145): received packet from 115.249.217.155 dport 500 sport 500 Global (I)

MM_KEY_EXCH

Oct 24 13:55:26.829: ISAKMP:(9145): processing ID payload. message ID = 0

Oct 24 13:55:26.829: ISAKMP (9145): ID payload

        next-payload : 8

        type         : 1

        address      : 115.249.217.155

        protocol     : 0

        port         : 0

        length       : 12

Oct 24 13:55:26.829: ISAKMP:(0):: peer matches *none* of the profiles

Oct 24 13:55:26.829: ISAKMP:(9145): processing HASH payload. message ID = 0

Oct 24 13:55:26.829: ISAKMP:(9145): processing vendor id payload

Oct 24 13:55:26.829: ISAKMP:(9145): vendor ID seems Unity/DPD but major 126 mismatch

Oct 24 13:55:26.829: ISAKMP:(9145):SA authentication status:

        authenticated

Oct 24 13:55:26.829: ISAKMP:(9145):SA has been authenticated with 115.249.217.155

Oct 24 13:55:26.829: ISAKMP: Trying to insert a peer 115.254.106.165/115.249.217.155/500/,  and inserted

successfully 1448A954.

Oct 24 13:55:26.829: ISAKMP:(9145):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:26.829: ISAKMP:(9145):Old State = IKE_I_MM5  New State = IKE_I_MM6

Oct 24 13:55:26.829: ISAKMP:(9145):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Oct 24 13:55:26.829: ISAKMP:(9145):Old State = IKE_I_MM6  New State = IKE_I_MM6

Oct 24 13:55:26.829: ISAKMP:(9145):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Oct 24 13:55:26.829: ISAKMP:(9145):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE

Oct 24 13:55:26.829: ISAKMP:(9145):beginning Quick Mode exchange, M-ID of 750208415

Oct 24 13:55:26.829: ISAKMP:(9145):QM Initiator gets spi

Oct 24 13:55:26.829: ISAKMP:(9145): sending packet to 115.249.217.155 my_port 500 peer_port 500 (I) QM_IDLE

Oct 24 13:55:26.829: ISAKMP:(9145):Sending an IKE IPv4 Packet.

Oct 24 13:55:26.829: ISAKMP:(9145):Node 750208415, Input = IKE_MESG_INTERNAL, IKE_INIT_QM

Oct 24 13:55:26.829: ISAKMP:(9145):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1

Oct 24 13:55:26.829: ISAKMP:(9145):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

Oct 24 13:55:26.829: ISAKMP:(9145):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

Oct 24 13:55:26.841: ISAKMP:(9143):purging SA., sa=12559218, delme=12559218

Oct 24 13:55:26.865: ISAKMP (9145): received packet from 115.249.217.155 dport 500 sport 500 Global (I) QM_IDLE

Oct 24 13:55:26.865: ISAKMP: set new node -1203004786 to QM_IDLE

Oct 24 13:55:26.865: ISAKMP:(9145): processing HASH payload. message ID = 3091962510

Oct 24 13:55:26.865: ISAKMP:(9145): processing NOTIFY INVALID_ID_INFO protocol 1

        spi 0, message ID = 3091962510, sa = 0x246B1E0

Oct 24 13:55:26.865: ISAKMP:(9145):peer does not do paranoid keepalives.

Oct 24 13:55:26.865: ISAKMP:(9145):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE      

(peer 115.249.217.155)

Oct 24 13:55:26.865: ISAKMP:(9145):deleting node -1203004786 error FALSE reason "Informational (in) state 1"

Oct 24 13:55:26.865: ISAKMP:(9145):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

Oct 24 13:55:26.865: ISAKMP:(9145):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

Oct 24 13:55:26.865: ISAKMP: set new node 809050989 to QM_IDLE

Oct 24 13:55:26.865: ISAKMP:(9145): sending packet to 115.249.217.155 my_port 500 peer_port 500 (I) QM_IDLE

Oct 24 13:55:26.865: ISAKMP:(9145):Sending an IKE IPv4 Packet.

Oct 24 13:55:26.865: ISAKMP:(9145):purging node 809050989

Oct 24 13:55:26.865: ISAKMP:(9145):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

Oct 24 13:55:26.865: ISAKMP:(9145):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

Oct 24 13:55:26.865: ISAKMP:(9145):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE      

(peer 115.249.217.155)

Oct 24 13:55:26.865: ISAKMP: Unlocking peer struct 0x1448A954 for isadb_mark_sa_deleted(), count 0

Oct 24 13:55:26.865: ISAKMP: Deleting peer node by peer_reap for 115.249.217.155: 1448A954

Oct 24 13:55:26.865: ISAKMP:(9145):deleting node 750208415 error FALSE reason "IKE deleted"

Oct 24 13:55:26.865: ISAKMP:(9145):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:26.865: ISAKMP:(9145):Old State = IKE_DEST_SA  New State = IKE_DEST_SA

Oct 24 13:55:26.865: IPSEC(key_engine): got a queue event with 1 KMI message(s)

Oct 24 13:55:26.901: ISAKMP (9145): received packet from 115.249.217.155 dport 500 sport 500 Global (I)

MM_NO_STATE

Oct 24 13:55:35.921: ISAKMP (0): received packet from 115.249.217.155 dport 500 sport 500 Global (N) NEW SA

Oct 24 13:55:35.921: ISAKMP: Created a peer struct for 115.249.217.155, peer port 500

Oct 24 13:55:35.921: ISAKMP: New peer created peer = 0x1448A954 peer_handle = 0x80000093

Oct 24 13:55:35.921: ISAKMP: Locking peer struct 0x1448A954, refcount 1 for crypto_isakmp_process_block

Oct 24 13:55:35.921: ISAKMP: local port 500, remote port 500

Oct 24 13:55:35.921: ISAKMP:(0):insert sa successfully sa = 12559218

Oct 24 13:55:35.921: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:35.921: ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1

Oct 24 13:55:35.925: ISAKMP:(0): processing SA payload. message ID = 0

Oct 24 13:55:35.925: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:35.925: ISAKMP:(0): vendor ID seems Unity/DPD but major 0 mismatch

Oct 24 13:55:35.925: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:35.925: ISAKMP:(0): vendor ID is DPD

Oct 24 13:55:35.925: ISAKMP:(0):found peer pre-shared key matching 115.249.217.155

Oct 24 13:55:35.925: ISAKMP:(0): local preshared key found

Oct 24 13:55:35.925: ISAKMP : Scanning profiles for xauth ...

Oct 24 13:55:35.925: ISAKMP:(0):Checking ISAKMP transform 0 against priority 2 policy

Oct 24 13:55:35.925: ISAKMP:      life type in seconds

Oct 24 13:55:35.925: ISAKMP:      life duration (basic) of 3600

Oct 24 13:55:35.925: ISAKMP:      encryption 3DES-CBC

Oct 24 13:55:35.925: ISAKMP:      hash SHA

Oct 24 13:55:35.925: ISAKMP:      auth pre-share

Oct 24 13:55:35.925: ISAKMP:      default group 2

Oct 24 13:55:35.925: ISAKMP:(0):atts are acceptable. Next payload is 0

Oct 24 13:55:35.925: ISAKMP:(0):Acceptable atts:actual life: 0

Oct 24 13:55:35.925: ISAKMP:(0):Acceptable atts:life: 0

Oct 24 13:55:35.925: ISAKMP:(0):Basic life_in_seconds:3600

Oct 24 13:55:35.925: ISAKMP:(0):Returning Actual lifetime: 3600

Oct 24 13:55:35.925: ISAKMP:(0)::Started lifetime timer: 3600.

Oct 24 13:55:35.925: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:35.925: ISAKMP:(0): vendor ID seems Unity/DPD but major 0 mismatch

Oct 24 13:55:35.925: ISAKMP:(0): processing vendor id payload

Oct 24 13:55:35.925: ISAKMP:(0): vendor ID is DPD

Oct 24 13:55:35.925: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Oct 24 13:55:35.925: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM1

Oct 24 13:55:35.925: ISAKMP:(0): sending packet to 115.249.217.155 my_port 500 peer_port 500 (R) MM_SA_SETUP

Oct 24 13:55:35.925: ISAKMP:(0):Sending an IKE IPv4 Packet.

Oct 24 13:55:35.925: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Oct 24 13:55:35.925: ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2

Oct 24 13:55:35.961: ISAKMP (0): received packet from 115.249.217.155 dport 500 sport 500 Global (R)

MM_SA_SETUP

Oct 24 13:55:35.961: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:35.961: ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3

Oct 24 13:55:35.961: ISAKMP:(0): processing KE payload. message ID = 0

Oct 24 13:55:35.965: ISAKMP:(0): processing NONCE payload. message ID = 0

Oct 24 13:55:35.965: ISAKMP:(0):found peer pre-shared key matching 115.249.217.155

Oct 24 13:55:35.965: ISAKMP:(9146):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Oct 24 13:55:35.965: ISAKMP:(9146):Old State = IKE_R_MM3  New State = IKE_R_MM3

Oct 24 13:55:35.965: ISAKMP:(9146): sending packet to 115.249.217.155 my_port 500 peer_port 500 (R) MM_KEY_EXCH

Oct 24 13:55:35.965: ISAKMP:(9146):Sending an IKE IPv4 Packet.

Oct 24 13:55:35.965: ISAKMP:(9146):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Oct 24 13:55:35.965: ISAKMP:(9146):Old State = IKE_R_MM3  New State = IKE_R_MM4

Oct 24 13:55:36.005: ISAKMP (9146): received packet from 115.249.217.155 dport 500 sport 500 Global (R)

MM_KEY_EXCH

Oct 24 13:55:36.005: ISAKMP:(9146):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Oct 24 13:55:36.005: ISAKMP:(9146):Old State = IKE_R_MM4  New State = IKE_R_MM5

Oct 24 13:55:36.005: ISAKMP:(9146): processing ID payload. message ID = 0

Oct 24 13:55:36.005: ISAKMP (9146): ID payload

        next-payload : 8

        type         : 1

        address      : 115.249.217.155

        protocol     : 0

        port         : 0

        length       : 12

Oct 24 13:55:36.005: ISAKMP:(0):: peer matches *none* of the profiles

Oct 24 13:55:36.005: ISAKMP:(9146): processing HASH payload. message ID = 0

Oct 24 13:55:36.005: ISAKMP:(9146):SA authentication status:

        authenticated

Oct 24 13:55:36.005: ISAKMP:(9146):SA has been authenticated with 115.249.217.155

Oct 24 13:55:36.005: ISAKMP: Trying to insert a peer 115.254.106.165/115.249.217.155/500/,  and inserted

successfully 1448A954.

Oct 24 13:55:36.005: ISAKMP:(9146):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

Oct 24 13:55:36.005: ISAKMP:(9146):Old State = IKE_R_MM5  New State = IKE_R_MM5

Oct 24 13:55:36.005: ISAKMP:(9146):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

Oct 24 13:55:36.005: ISAKMP (9146): ID payload

        next-payload : 8

        type         : 1

        address      : 115.254.106.165

        protocol     : 17

        port         : 500

        length       : 12

Oct 24 13:55:36.005: ISAKMP:(9146):Total payload length: 12

Oct 24 13:55:36.005: ISAKMP:(9146): sending packet to 115.249.217.155 my_port 500 peer_port 500 (R) MM_KEY_EXCH

Oct 24 13:55:36.005: ISAKMP:(9146):Sending an IKE IPv4 Packet.

Oct 24 13:55:36.005: ISAKMP:(9146):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Oct 24 13:55:36.005: ISAKMP:(9146):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE

Oct 24 13:55:36.005: ISAKMP:(9146):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

Oct 24 13:55:36.005: ISAKMP:(9146):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

***********************************************************************************************************************************************


Any kind of help is appreciated...

Thanx...

  • VPN
2 REPLIES

VPN connection not establishing..

Is there really a need for GRE? Any logs from the linux box?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

VPN connection not establishing..

Hi,

Yes, we required GRE for multicast traffic.

Below is capture from Linux..

hss@trinity ~ ]$ sudo iptunnel show

gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc

bsetun: gre/ip  remote 115.254.106.165  local 115.249.217.155  dev em2  ttl 255

[hss@trinity ~ ]$ sudo ifconfig

bsetun    Link encap:UNSPEC  HWaddr 73-F9-D9-9B-FF-FF-80-CD-00-00-00-00-00-00-00-00

          inet addr:10.7.121.2  P-t-P:10.7.121.1  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1420  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 b)  TX bytes:6080 (5.9 KiB)

Also we are getting logs on cisco..

%CRYPTO-4-IKMP_NO_SA: IKE message from 115.249.217.155 has no SA and is not an initialization offer

State is flapping between MM_NO_STATE and QM_IDLE

ZL1VPN-C3945#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

115.249.217.155 115.254.106.165 MM_NO_STATE      11235 ACTIVE (deleted)

115.254.106.165 115.249.217.155 MM_NO_STATE      11234 ACTIVE (deleted)

IPv6 Crypto ISAKMP SA

ZL1VPN-C3945#sh crypto session

Crypto session current status

Interface: GigabitEthernet0/1

Session status: DOWN-NEGOTIATING

Peer: 115.249.217.155 port 500

  IKEv1 SA: local 115.254.106.165/500 remote 115.249.217.155/500 Inactive

  IKEv1 SA: local 115.254.106.165/500 remote 115.249.217.155/500 Inactive

  IPSEC FLOW: permit 47 host 115.254.106.165 host 115.249.217.155

        Active SAs: 0, origin: crypto map

When we shut the Tunnel interface, state keep QM_IDLE status.

Thanx

Arjun

279
Views
0
Helpful
2
Replies