Hello all! Please can you help! I am currently setting up a site-to-site VPN between an 837 and a Draytek router. I appear to be having problems with establishing an SA. I do not have access to the Draytek but have to rely on other people to configure it for me. We have agreed on keys, encryption etc. but following is the debug isakmp output I keep getting and no connection is established. I believe I have tried all combinations but nothing.

My match ACL is as follows:

access-list 111 permit ip LOCAL_NET 0.0.0.255 REMOTE_NET 0.0.0.255

I have a route-map applied denying the same as the above ACL. Are there specific setups for Draytek that need to be applied to the Cisco box? Also the Draytek is on leased line so it's apparently set to dial-in/out.

Many thanks in advance.
Rob

----------------------start_debug------------------------
Dec 16 13:45:18.759: ISAKMP: received ke message (1/2)
Dec 16 13:45:18.759: ISAKMP (0:0): no idb in request
Dec 16 13:45:18.759: ISAKMP: local port 500, remote port 500
Dec 16 13:45:18.759: ISAKMP: set new node 0 to QM_IDLE
Dec 16 13:45:18.763: ISAKMP (0:1): constructed NAT-T vendor ID
Dec 16 13:45:18.763: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Dec 16 13:45:18.763: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1
Dec 16 13:45:18.763: ISAKMP (0:1): beginning Main Mode exchange
Dec 16 13:45:18.763: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_NO_STATE
Dec 16 13:45:18.807: ISAKMP (0:1): received packet from REMOTE_IP dport 500 sport 500 (I) MM_NO_STATE
Dec 16 13:45:18.807: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Dec 16 13:45:18.811: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2
Dec 16 13:45:18.811: ISAKMP (0:1): processing SA payload. message ID = 0
Dec 16 13:45:18.811: ISAKMP (0:1): found peer pre-shared key matching REMOTE_IP
Dec 16 13:45:18.811: ISAKMP (0:1) local preshared key found
Dec 16 13:45:18.811: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy
Dec 16 13:45:18.811: ISAKMP: encryption DES-CBC
Dec 16 13:45:18.811: ISAKMP: hash SHA
Dec 16 13:45:18.811: ISAKMP: default group 2
Dec 16 13:45:18.815: ISAKMP: auth pre-share
Dec 16 13:45:18.815: ISAKMP: life type in seconds
Dec 16 13:45:18.815: ISAKMP: life duration (basic) of 3600
Dec 16 13:45:18.815: ISAKMP (0:1): atts are acceptable. Next payload is 0
Dec 16 13:45:19.035: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Dec 16 13:45:19.035: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2
Dec 16 13:45:19.039: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_SA_SETUP
Dec 16 13:45:19.039: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Dec 16 13:45:19.039: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3
Dec 16 13:45:20.367: ISAKMP (0:1): received packet from REMOTE_IP dport 500 sport 500 (I) MM_SA_SETUP
Dec 16 13:45:20.367: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Dec 16 13:45:20.367: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4
Dec 16 13:45:20.371: ISAKMP (0:1): processing KE payload. message ID = 0
Dec 16 13:45:20.647: ISAKMP (0:1): processing NONCE payload. message ID = 0
Dec 16 13:45:20.647: ISAKMP (0:1): found peer pre-shared key matching REMOTE_IP
Dec 16 13:45:20.651: ISAKMP (0:1): SKEYID state generated
Dec 16 13:45:20.651: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Dec 16 13:45:20.651: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4
Dec 16 13:45:20.667: ISAKMP (0:1): Send initial contact
Dec 16 13:45:20.667: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Dec 16 13:45:20.667: ISAKMP (1): ID payload
        next-payload : 8
        type : 1
        addr : LOCAL_IP
        protocol : 17
        port : 0
        length : 8
Dec 16 13:45:20.667: ISAKMP (1): Total payload length: 12
Dec 16 13:45:20.671: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:20.671: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Dec 16 13:45:20.671: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5
Dec 16 13:45:23.703: ISAKMP (0:1): received packet from REMOTE_IP dport 500 sport 500 (I) MM_KEY_EXCH
Dec 16 13:45:23.703: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
Dec 16 13:45:23.703: ISAKMP (0:1): retransmitting due to retransmit phase 1
Dec 16 13:45:23.703: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:45:24.203: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:45:24.203: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:45:24.203: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:24.203: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:29.635: ISAKMP (0:1): received packet from REMOTE_IP dport 500 sport 500 (I) MM_KEY_EXCH
Dec 16 13:45:29.635: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
Dec 16 13:45:29.635: ISAKMP (0:1): retransmitting due to retransmit phase 1
Dec 16 13:45:29.635: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:45:30.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:45:30.135: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:45:30.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:30.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:40.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:45:40.135: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:45:40.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:40.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:48.755: ISAKMP: received ke message (1/2)
Dec 16 13:45:48.755: ISAKMP: set new node 0 to QM_IDLE
Dec 16 13:45:48.755: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
Dec 16 13:45:50.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:45:50.135: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:45:50.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:50.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:46:00.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:46:00.135: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:46:00.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:46:00.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port 500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:46:10.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Dec 16 13:46:10.135: ISAKMP (0:1): peer does not do paranoid keepalives.
Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.135: ISAKMP (0:1): deleting node 148264246 error TRUE reason "death by retransmission P1"
Dec 16 13:46:10.135: ISAKMP (0:1): deleting node 250228106 error TRUE reason "death by retransmission P1"
Dec 16 13:46:10.139: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Dec 16 13:46:10.139: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_DEST_SA
Dec 16 13:46:18.755: ISAKMP: received ke message (3/1)
Dec 16 13:46:18.755: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src LOCAL_IP dst REMOTE_IP for SPI 0x0
------------------------end_debug--------------------------------------

Just in case anybody comes across this and maybe I simply missed out something really stupid. I upgraded the IOS to 12.3 and voila all sorted.

Later
Rob
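
Added example, not part of the original posts: a small Python parser for "debug crypto isakmp" style output like the log above, reporting how far Main Mode progressed, how many phase 1 retransmits and duplicate packets were logged, and the SA teardown reason. The sample is an excerpt of lines from the posted log; the function name and result fields are assumptions made for this illustration.

```python
import re

# Excerpt of lines taken from the debug output posted above (placeholders kept).
SAMPLE = """\
Dec 16 13:45:18.763: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1
Dec 16 13:45:18.811: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2
Dec 16 13:45:19.035: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2
Dec 16 13:45:19.039: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3
Dec 16 13:45:20.367: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4
Dec 16 13:45:20.671: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5
Dec 16 13:45:23.703: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet.
Dec 16 13:45:24.203: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:45:30.135: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.139: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_DEST_SA
"""

STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
DELETE = re.compile(r'deleting SA reason "([^"]+)" state \((I|R)\) (\S+)')

def summarize(log):
    """Return the state path, retransmit/duplicate counts and teardown details."""
    path, retransmits, duplicates, teardown = [], 0, 0, None
    for line in log.splitlines():
        m = STATE.search(line)
        if m:
            old, new = m.groups()
            if not path:
                path.append(old)
            if new != path[-1]:          # skip self-transitions such as MM2 -> MM2
                path.append(new)
            continue
        if "incrementing error counter on sa: retransmit phase 1" in line:
            retransmits += 1
        elif "duplicate of a previous packet" in line:
            duplicates += 1
        else:
            d = DELETE.search(line)
            if d and teardown is None:   # the delete line is logged twice
                teardown = {"reason": d.group(1), "role": d.group(2), "state": d.group(3)}
    # Highest Main Mode message state reached before the SA was torn down
    mm = [s for s in path if re.fullmatch(r"IKE_[IR]_MM\d", s)]
    return {"path": path, "last_mm": mm[-1] if mm else None,
            "retransmits": retransmits, "duplicates": duplicates, "teardown": teardown}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over the full log, the same function gives the complete retransmit count; the summary only restates what the router logged and does not identify a cause.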