vpn issue

Discussion in 'Cisco' started by jestoner7, Jan 29, 2008.

  1. jestoner7

    jestoner7 Guest

    I'm troubleshooting a vpn connection and am having trouble deciphering the isakmp debug can any one tell me what is happening?

    I have client vpns that work but the site to site is failing.

    thanks.

    Josh

    debug
    ISAKMP (0): beginning Main Mode exchange
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    OAK_MM exchange
    ISAKMP (0): processing SA payload. message ID = 0

    ISAKMP (0): Checking ISAKMP transform 1 against priority 12 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
    ISAKMP (0): atts are not acceptable. Next payload is 0
    ISAKMP (0): Checking ISAKMP transform 1 against priority 15 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload

    ISAKMP (0:0): vendor ID is NAT-T
    ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    ISAKMP (0:0): constructed HIS NAT-D
    ISAKMP (0:0): constructed MINE NAT-D
    ISAKMP (0:0): Detected port floating
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0

    ISAKMP (0): processing NONCE payload. message ID = 0

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): remote peer supports dead peer detection

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): speaking to another IOS box!

    ISAKMP (0): processing vendor id payload

    ISAKMP (0): received xauth v6 vendor id

    ISAKMP (0:0): Detected NAT-D payload
    ISAKMP (0:0): NAT does not match MINE hash
    hash received: 85 5c 46 ef f8 25 f1 d8 da 7 ab 73 f df 4 fd fc 95 db 92
    my nat hash : 4 d e3 bf 23 39 e4 ef 59 89 d9 91 10 e5 f6 6f 63 3b a5 b5
    ISAKMP (0:0): Detected NAT-D payload
    ISAKMP (0:0): NAT match HIS hash
    ISAKMP: Created a peer struct for 69.25.174.245, peer port 37905
    ISAKMP: Locking UDP_ENC struct 0x3895b84 from crypto_ikmp_udp_enc_ike_init, count 1
    ISAKMP (0): ID payload
    next-payload : 8
    type : 1
    protocol : 17
    port : 0
    length : 8
    ISAKMP (0): Total payload length: 12
    return status is IKMP_NO_ERROR
    ISAKMP (0): retransmitting phase 1 (0)...
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    ISAKMP: phase 1 packet is a duplicate of a previous packet
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    ISAKMP: phase 1 packet is a duplicate of a previous packet
    ISAKMP: resending last response
    ISAKMP (0): retransmitting phase 1 (1)...IPSEC(key_engine): request timer fired: count = 1,
    (identity) local= 172.16.200.1, remote= 69.25.174.245,
    local_proxy= 192.168.1.52/255.255.255.255/0/0 (type=1),
    remote_proxy= 10.40.0.0/255.255.0.0/0/0 (type=4)

    ISAKMP (0): retransmitting phase 1 (2)...
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    ISAKMP: phase 1 packet is a duplicate of a previous packet
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    ISAKMP: phase 1 packet is a duplicate of a previous packet
    ISAKMP: resending last response
    ISAKMP (0): deleting SA: src 172.16.200.1, dst 69.25.174.245
    ISADB: reaper checking SA 0x3894ecc, conn_id = 0 DELETE IT!

    VPN Peer:ISAKMP: Peer Info for 69.25.174.245/4500 not found - peers:1

    ISAKMP: Unlocking UDP ENC struct 0x3895b84 from isadb_free_isakmp_sa, count 0
    ISADB: reaper checking SA 0x3898a6c, conn_id = 0
    crypto_isakmp_process_block:src:69.25.174.245, dest:172.16.200.1 spt:500 dpt:500
    ISAKMP: sa not found for ike msg
    IPSEC(key_engine): request timer fired: count = 2,
    (identity) local= 172.16.200.1, remote= 69.25.174.245,
    local_proxy= 192.168.1.52/255.255.255.255/0/0 (type=1),
    remote_proxy= 10.40.0.0/255.255.0.0/0/0 (type=4)
     
    jestoner7, Jan 29, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Elise
    Replies:
    6
    Views:
    848
    John Rennie
    May 22, 2004
  2. OZ
    Replies:
    3
    Views:
    11,101
  3. pasatealinux
    Replies:
    1
    Views:
    2,082
    pasatealinux
    Dec 17, 2007
  4. serge
    Replies:
    3
    Views:
    1,169
    m0bilitee
    May 5, 2008
  5. rudresh02
    Replies:
    1
    Views:
    5,145
    rudresh02
    Feb 24, 2009
Loading...

Share This Page