02-08-2012 06:23 AM - edited 03-04-2019 03:11 PM
Hi,
We receive the following error on a spoke router trying to set up a VPN Tunnel :
006333: Jan 28 09:14:56.912: %CRYPTO-5-IKMP_SETUP_FAILURE: IKE SETUP FAILED for local:<Spoke Public IP Address> local_id:<Spoke Public IP Address> remote:<HUB Public IP Address> remote_id:<HUB Public IP Address> IKE profile:None fvrf:None fail_reason:Peer lost fail_class_cnt:1
Router model is a Cisco 891 and IOS is c890-universalk9-mz.151-4.M3.bin
Port Gig0, which receives the Spoke Public IP Address is set up as DHCP.
Have you ever seen the error pasted above ? I've tried to lookup on the Internet but haven't found any relevant help.
Thank you.
Vivien F.
Solved! Go to Solution.
02-13-2012 12:32 PM
Vivien F.
I am glad that it is working and that my first understanding of the message was correct. Sometimes it is difficult to really understand what these error messages are trying to tell us.
Thank you for posting back to the thread and giving an updated status. Perhaps at this point it would be appropriate to mark the question as resolved?
HTH
Rick
02-08-2012 09:19 AM
Vivien F.
I have not seen that particular message. But in looking at the message it seems to suggest that it lost the remote peer. Can you verify the configuration of the remote peer. And can you verify that the remote peer is reachable from this router? (frequently a ping to the peer is a good first step in testing)
HTH
Rick
02-08-2012 10:54 AM
Hi Richard,
We have a sla tracking the reachability for the remote peer and it is indeed reachable, no loss are detected. We have several VPN tunnels coming up on the same peer withoutout any issue. Only one spoke router sends that error message and the tunnel does not come up.
Thanks.
Vivien F.
02-08-2012 11:36 AM
Vivien F.
If the remote peer is reachable then there must be some other issue. My first suggestion would be to review the ISAKMP parameters in the configuration. Perhaps there is something missing or perhaps something configured that does not match the configuration of the hub. My second suggestion is that running debug crypto isakmp might help to identify the issue.
HTH
Rick
02-13-2012 10:11 AM
Well, thanks for your help. It seems that it was indeed just an error message to show that the peer has been lost.
That's the first time I see that error message, that's what got me confused.
02-13-2012 12:32 PM
Vivien F.
I am glad that it is working and that my first understanding of the message was correct. Sometimes it is difficult to really understand what these error messages are trying to tell us.
Thank you for posting back to the thread and giving an updated status. Perhaps at this point it would be appropriate to mark the question as resolved?
HTH
Rick
02-13-2012 12:34 PM
Indeed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide