I'm troubleshooting a VPN connection and am having trouble deciphering the ISAKMP debug. Can anyone tell me what is happening?
I have client VPNs that work, but the site-to-site is failing.
Thanks.
Josh
debug
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 12 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are not acceptable. Next payload is 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 15 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload
ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
ISAKMP (0:0): constructed HIS NAT-D
ISAKMP (0:0): constructed MINE NAT-D
ISAKMP (0:0): Detected port floating
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): processing vendor id payload
ISAKMP (0): remote peer supports dead peer detection
ISAKMP (0): processing vendor id payload
ISAKMP (0): speaking to another IOS box!
ISAKMP (0): processing vendor id payload
ISAKMP (0): received xauth v6 vendor id
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): NAT does not match MINE hash
hash received: 85 5c 46 ef f8 25 f1 d8 da 7 ab 73 f df 4 fd fc 95 db 92
my nat hash : 4 d e3 bf 23 39 e4 ef 59 89 d9 91 10 e5 f6 6f 63 3b a5 b5
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): NAT match HIS hash
ISAKMP: Created a peer struct for 69.25.174.245, peer port 37905
ISAKMP: Locking UDP_ENC struct 0x3895b84 from crypto_ikmp_udp_enc_ike_init, count 1
ISAKMP (0): ID payload
next-payload : 8
type : 1
protocol : 17
port : 0
length : 8
ISAKMP (0): Total payload length: 12
return status is IKMP_NO_ERROR
ISAKMP (0): retransmitting phase 1 (0)...
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
ISAKMP (0): retransmitting phase 1 (1)...IPSEC(key_engine): request timer fired: count = 1,
(identity) local= 172.16.200.1, remote= 69.25.174.245,
local_proxy= 192.168.1.52/255.255.255.255/0/0 (type=1),
remote_proxy= 10.40.0.0/255.255.0.0/0/0 (type=4)
ISAKMP (0): retransmitting phase 1 (2)...
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
ISAKMP (0): deleting SA: src 172.16.200.1, dst 69.25.174.245
ISADB: reaper checking SA 0x3894ecc, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 69.25.174.245/4500 not found - peers:1
ISAKMP: Unlocking UDP ENC struct 0x3895b84 from isadb_free_isakmp_sa, count 0
ISADB: reaper checking SA 0x3898a6c, conn_id = 0
crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
ISAKMP: sa not found for ike msg
IPSEC(key_engine): request timer fired: count = 2,
(identity) local= 172.16.200.1, remote= 69.25.174.245,
local_proxy= 192.168.1.52/255.255.255.255/0/0 (type=1),
remote_proxy= 10.40.0.0/255.255.0.0/0/0 (type=4)