Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6038
Views
0
Helpful
3
Replies

VPN Error

Go to solution
saquib.tandel
Level 1
Level 1

‎06-28-2010 06:55 AM - edited ‎03-04-2019 08:54 AM

Hi

recently I started getting following Error after rebooting the router all works ok for sometime and back to problem

VC_RTR#
*Jun 27 08:57:51.717: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
        connection id=1059, sequence number=58152

VC_RTR#
*Jun 27 08:57:52.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:57:52.325: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Jun 27 08:57:52.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:57:52.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:57:52.325: ISAKMP:(0):Sending an IKE IPv4 Packet.

VC_RTR#
*Jun 27 08:58:02.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:02.325: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Jun 27 08:58:02.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:02.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:02.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
VC_RTR#
*Jun 27 08:58:12.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:12.325: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
*Jun 27 08:58:12.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:12.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:12.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jun 27 08:58:12.709: ISAKMP: set new node 0 to QM_IDLE     
*Jun 27 08:58:12.709: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 77.89.11.2, remote 68.8.56.2)
VC_RTR#
*Jun 27 08:58:12.709: ISAKMP: Error while processing SA request: Failed to initialize SA
*Jun 27 08:58:12.709: ISAKMP: Error while processing KMI message 0, error 2.
VC_RTR#
*Jun 27 08:58:22.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:22.325: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
*Jun 27 08:58:22.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:22.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:22.325: ISAKMP:(0):Sending an IKE IPv4 Packet.

VC_RTR#
*Jun 27 08:58:31.825: ISAKMP:(0):purging node 1113748185
*Jun 27 08:58:31.825: ISAKMP:(0):purging node 491812622
*Jun 27 08:58:32.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:32.325: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
*Jun 27 08:58:32.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:32.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:32.325: ISAKMP:(0):Sending an IKE IPv4 Packet.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎06-28-2010 08:43 AM

Saquib

The debug output shows that you are transmitting ISAKMP but are not receiving any ISAKMP response. Can you verify that you have connectivity to the peer at 68.8.56.2?

Can you verify that the peer at 68.8.56.2 is receiving your ISAKMP attempts to negotiate? Does the peer believe that it is sending to you?

It is a possibility that there is some issue on the other device or it may be that there is some problem in between that is disrupting the ISAKMP negotiations.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
spremkumar
Level 9
Level 9

‎06-28-2010 07:04 AM

Hi

Can you post more info about your setup where you are getting this error message?

have you changed something recently with respect to the isp connection or configuration or hardware ?

also since when you are getting this error (from the beginning of this connection or after any changes in the network)?

Do provide more info on the connectivity which you are using for this vpn connectivity.

regds

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎06-28-2010 08:43 AM

Saquib

The debug output shows that you are transmitting ISAKMP but are not receiving any ISAKMP response. Can you verify that you have connectivity to the peer at 68.8.56.2?

Can you verify that the peer at 68.8.56.2 is receiving your ISAKMP attempts to negotiate? Does the peer believe that it is sending to you?

It is a possibility that there is some issue on the other device or it may be that there is some problem in between that is disrupting the ISAKMP negotiations.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
saquib.tandel
Level 1
Level 1
In response to Richard Burts

‎06-28-2010 11:27 AM

Hi Rick,

IPSEC traffic was having issue with One Service Provider, moving to another Service Provider resolved the issue.

Its not easy to analyze an issue when all was well and no changes done.  (( OR )) there is some simple troubleshooting tips for IPSEC

:-)  Thanks Rick

Regards

ST

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card