We receive the following error on a spoke router trying to set up a VPN Tunnel :
006333: Jan 28 09:14:56.912: %CRYPTO-5-IKMP_SETUP_FAILURE: IKE SETUP FAILED for local:<Spoke Public IP Address> local_id:<Spoke Public IP Address> remote:<HUB Public IP Address> remote_id:<HUB Public IP Address> IKE profile:None fvrf:None fail_reason:Peer lost fail_class_cnt:1
Router model is a Cisco 891 and IOS is c890-universalk9-mz.151-4.M3.bin
Port Gig0, which receives the Spoke Public IP Address is set up as DHCP.
Have you ever seen the error pasted above ? I've tried to lookup on the Internet but haven't found any relevant help.
I have not seen that particular message. But in looking at the message it seems to suggest that it lost the remote peer. Can you verify the configuration of the remote peer. And can you verify that the remote peer is reachable from this router? (frequently a ping to the peer is a good first step in testing)
We have a sla tracking the reachability for the remote peer and it is indeed reachable, no loss are detected. We have several VPN tunnels coming up on the same peer withoutout any issue. Only one spoke router sends that error message and the tunnel does not come up.
If the remote peer is reachable then there must be some other issue. My first suggestion would be to review the ISAKMP parameters in the configuration. Perhaps there is something missing or perhaps something configured that does not match the configuration of the hub. My second suggestion is that running debug crypto isakmp might help to identify the issue.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...