Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3043
Views
0
Helpful
2
Replies

VPN IPSEC what is mean Find a dup sa in the avl tree

dcoulanges
Level 1
Level 1

‎03-16-2010 12:21 PM - edited ‎02-21-2020 04:33 PM

I am working on on VPN ISSUE:

I did  a crypto isakmp and ipsec to troubleshoot, i got this:

Mar 16 00:46:05 PDT: IPSEC(sa_request): ,                                                                  

  (key eng. msg.) OUTBOUND local= 210.183.54.250, remote= 53.236.33.80,                                    

    local_proxy= 122.216.224.0/255.255.254.0/0/0 (type=4),                                                 

    remote_proxy= 53.236.33.96/255.255.255.224/0/0 (type=4),                                               

    protocol= ESP, transform= esp-3des esp-md5-hmac ,                                                      

    lifedur= 3600s and 4608000kb,                                                                          

    spi= 0xE2ECF6A1(3807180449), conn_id= 0, keysize= 0, flags= 0x400A                                     

Mar 16 00:46:05 PDT: ISAKMP: local port 500, remote port 500                                               

Mar 16 00:46:05 PDT: ISAKMP: set new node 0 to QM_IDLE                                                     

Mar 16 00:46:05 PDT: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 47DA6958       

Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):Can not start Aggressive mode, trying Main mode.                    

Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):found peer pre-shared key matching 53.236.33.80                     

Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2): constructed NAT-T vendor-03 ID                                     

Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2): constructed NAT-T vendor-02 ID                                     

Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM                          

Mar 16 00:46:05 PDT: ISAKMP:(0:9:HW:2):Old State = IKE_READY  New State = IKE_I_MM1            

What does mean         Find a dup sa in the avl tree during calling isadb_insert sa = 47DA6958    ?

thanks

Dominique

1 person had this problem
Labels:
0 Helpful
2 Replies 2

dcoulanges
Level 1
Level 1

‎03-16-2010 12:29 PM

I got also

Mar 16 00:46:35 PDT: IPSEC(key_engine): request timer fired: count = 1,                                   

  (identity) local= 209.183.54.250, remote= 63.236.33.80,                                                  

    local_proxy= 166.216.224.0/255.255.254.0/0/0 (type=4),                                                 

   remote_proxy= 63.236.33.96/255.255.255.224/0/0 (type=4)                                                

Why is asking to request timer fired: count = 1, 

0 Helpful

dcoulanges
Level 1
Level 1
In response to dcoulanges

‎03-16-2010 12:30 PM

and i got at the end

Mar 16 00:47:05 PDT: IPSEC(key_engine): request timer fired: count = 2,                                    

  (identity) local= 209.183.54.250, remote= 63.236.33.80,                                                  

    local_proxy= 166.216.224.0/255.255.254.0/0/0 (type=4),                                                 

    remote_proxy= 63.236.33.96/255.255.255.224/0/0 (type=4)                                                

Mar 16 00:47:05 PDT: ISAKMP:(0:9:HW:2):peer does not do paranoid keepalives.                               

0 Helpful
Customers Also Viewed These Support Documents