[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2304
  • Last Modified:

Cisco ISite to Site VPN connection Problem

Hoep someone can help with an establishment issue with site to site VPN on cisco IOS. The tunnel does nto establish. Here's a copy of the debug crypto isakmp:

Apr 28 12:56:47.878 Thai: ISAKMP (0:134217754): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_NO_STATE
Apr 28 12:56:54.682 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:56:54.682 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:56:54.682 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:56:54.682 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:56:59.731 Thai: ISAKMP (0:0): received packet from x.x.x.x dport 500 sport 500 Global (N) NEW SA
Apr 28 12:56:59.731 Thai: ISAKMP: Created a peer struct for x.x.x.x, peer port 500
Apr 28 12:56:59.731 Thai: ISAKMP: New peer created peer = 0x46D9390C peer_handle = 0x80020759
Apr 28 12:56:59.731 Thai: ISAKMP: Locking peer struct 0x46D9390C, IKE refcount 1 for crypto_isakmp_process_block
Apr 28 12:56:59.731 Thai: ISAKMP: local port 500, remote port 500
Apr 28 12:56:59.731 Thai: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 459BEB68
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_R_MM1

Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): processing vendor id payload
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch
Apr 28 12:56:59.735 Thai: ISAKMP (0:0): vendor ID is NAT-T v7
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): processing vendor id payload
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 157 mismatch
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v3
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): processing vendor id payload
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):Looking for a matching key for x.x.x.x in default
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): : success
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching x.x.x.x
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0): local preshared key found
Apr 28 12:56:59.735 Thai: ISAKMP : Scanning profiles for xauth ...
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 100 policy
Apr 28 12:56:59.735 Thai: ISAKMP:      encryption DES-CBC
Apr 28 12:56:59.735 Thai: ISAKMP:      hash SHA
Apr 28 12:56:59.735 Thai: ISAKMP:      default group 1
Apr 28 12:56:59.735 Thai: ISAKMP:      auth pre-share
Apr 28 12:56:59.735 Thai: ISAKMP:      life type in seconds
Apr 28 12:56:59.735 Thai: ISAKMP:      life duration (basic) of 60
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
Apr 28 12:56:59.735 Thai: ISAKMP:(0:0:N/A:0):Setting the rekey timer since IKE is operating in Continuous Channel Mode.
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): processing vendor id payload
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): vendor ID seems Unity/DPD but major 245 mismatch
Apr 28 12:56:59.751 Thai: ISAKMP (0:134217755): vendor ID is NAT-T v7
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): processing vendor id payload
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): vendor ID seems Unity/DPD but major 157 mismatch
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): vendor ID is NAT-T v3
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): processing vendor id payload
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): vendor ID seems Unity/DPD but major 123 mismatch
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): vendor ID is NAT-T v2
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1):Old State = IKE_R_MM1  New State = IKE_R_MM1

Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): constructed NAT-T vendor-07 ID
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1): sending packet to x.x.x.x my_port 500 peer_port 500 (R) MM_SA_SETUP
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 28 12:56:59.751 Thai: ISAKMP:(0:27:SW:1):Old State = IKE_R_MM1  New State = IKE_R_MM2

Apr 28 12:57:00.747 Thai: ISAKMP:(0:0:N/A:0):purging node 1529555983
Apr 28 12:57:00.747 Thai: ISAKMP:(0:0:N/A:0):purging node 1937589234
Apr 28 12:57:04.683 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:57:04.683 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:57:04.683 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:57:04.683 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:57:09.735 Thai: ISAKMP (0:134217755): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_SA_SETUP
Apr 28 12:57:09.739 Thai: ISAKMP:(0:27:SW:1): phase 1 packet is a duplicate of a previous packet.
Apr 28 12:57:09.739 Thai: ISAKMP:(0:27:SW:1): retransmitting due to retransmit phase 1
Apr 28 12:57:09.739 Thai: ISAKMP:(0:27:SW:1): retransmitting phase 1 MM_SA_SETUP...
Apr 28 12:57:10.239 Thai: ISAKMP:(0:27:SW:1): retransmitting phase 1 MM_SA_SETUP...
Apr 28 12:57:10.239 Thai: ISAKMP:(0:27:SW:1):incrementing error counter on sa: retransmit phase 1
Apr 28 12:57:10.239 Thai: ISAKMP:(0:27:SW:1): retransmitting phase 1 MM_SA_SETUP
Apr 28 12:57:10.239 Thai: ISAKMP:(0:27:SW:1): sending packet to x.x.x.x my_port 500 peer_port 500 (R) MM_SA_SETUP
Apr 28 12:57:10.747 Thai: ISAKMP:(0:0:N/A:0):purging SA., sa=477B2B44, delme=477B2B44
Apr 28 12:57:10.747 Thai: ISAKMP:(0:26:SW:1):purging SA., sa=477B3230, delme=477B3230
Apr 28 12:57:14.683 Thai: ISAKMP: received ke message (3/1)
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer x.x.x.x)
Apr 28 12:57:14.683 Thai: ISAKMP:(0:27:SW:1):deleting SA reason "P1 delete notify (in)" state (R) MM_SA_SETUP (peer x.x.x.x)
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer x.x.x.x)
Apr 28 12:57:14.683 Thai: ISAKMP: Unlocking IKE struct 0x45B1FDE4 for isadb_mark_sa_deleted(), count 0
Apr 28 12:57:14.683 Thai: ISAKMP: Deleting peer node by peer_reap for x.x.x.x: 45B1FDE4
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0):deleting node 450342352 error FALSE reason "IKE deleted"
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0):deleting node -244329435 error FALSE reason "IKE deleted"
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Apr 28 12:57:14.683 Thai: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1  New State = IKE_DEST_SA

Apr 28 12:57:14.683 Thai: ISAKMP:(0:27:SW:1):deleting SA reason "P1 delete notify (in)" state (R) MM_SA_SETUP (peer x.x.x.x)
Apr 28 12:57:14.683 Thai: ISAKMP: Unlocking IKE struct 0x46D9390C for isadb_mark_sa_deleted(), count 0
Apr 28 12:57:14.683 Thai: ISAKMP: Deleting peer node by peer_reap for x.x.x.x: 46D9390C
Apr 28 12:57:14.683 Thai: ISAKMP:(0:27:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Apr 28 12:57:14.683 Thai: ISAKMP:(0:27:SW:1):Old State = IKE_R_MM2  New State = IKE_DEST_SA

Apr 28 12:57:15.007 Thai: ISAKMP: received ke message (1/1)
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
Apr 28 12:57:15.007 Thai: ISAKMP: Created a peer struct for x.x.x.x, peer port 500
Apr 28 12:57:15.007 Thai: ISAKMP: New peer created peer = 0x46D9390C peer_handle = 0x80020758
Apr 28 12:57:15.007 Thai: ISAKMP: Locking peer struct 0x46D9390C, IKE refcount 1 for isakmp_initiator
Apr 28 12:57:15.007 Thai: ISAKMP: local port 500, remote port 500
Apr 28 12:57:15.007 Thai: ISAKMP: set new node 0 to QM_IDLE
Apr 28 12:57:15.007 Thai: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 459BF688
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0):Looking for a matching key for x.x.x.x in default
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): : success
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching x.x.x.x
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_I_MM1

Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
Apr 28 12:57:15.007 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:57:19.791 Thai: ISAKMP (0:134217755): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_NO_STATE
Apr 28 12:57:25.007 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:57:25.007 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:57:25.007 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:57:25.007 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:57:29.731 Thai: ISAKMP (0:134217755): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_NO_STATE
Apr 28 12:57:35.007 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:57:35.007 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:57:35.007 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:57:35.007 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:57:39.732 Thai: ISAKMP (0:134217755): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_NO_STATE
Apr 28 12:57:45.008 Thai: ISAKMP: received ke message (1/1)
Apr 28 12:57:45.008 Thai: ISAKMP: set new node 0 to QM_IDLE
Apr 28 12:57:45.008 Thai: ISAKMP:(0:0:N/A:0):SA is still budding. Attached new ipsec request to it. (local x.x.x.x, remote x.x.x.x)
Apr 28 12:57:45.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:57:45.008 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:57:45.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:57:45.008 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:57:49.732 Thai: ISAKMP (0:134217755): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_NO_STATE
Apr 28 12:57:55.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:57:55.008 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:57:55.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:57:55.008 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:58:00.824 Thai: ISAKMP (0:0): received packet from x.x.x.x dport 500 sport 500 Global (N) NEW SA
Apr 28 12:58:00.824 Thai: ISAKMP: Created a peer struct for x.x.x.x, peer port 500
Apr 28 12:58:00.824 Thai: ISAKMP: New peer created peer = 0x45B1FDE4 peer_handle = 0x8002075B
Apr 28 12:58:00.824 Thai: ISAKMP: Locking peer struct 0x45B1FDE4, IKE refcount 1 for crypto_isakmp_process_block
Apr 28 12:58:00.824 Thai: ISAKMP: local port 500, remote port 500
Apr 28 12:58:00.824 Thai: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 477B2B44
Apr 28 12:58:00.824 Thai: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 28 12:58:00.824 Thai: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_R_MM1

Apr 28 12:58:00.824 Thai: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
Apr 28 12:58:00.824 Thai: ISAKMP:(0:0:N/A:0): processing vendor id payload
Apr 28 12:58:00.824 Thai: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch
Apr 28 12:58:00.824 Thai: ISAKMP (0:0): vendor ID is NAT-T v7
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): processing vendor id payload
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 157 mismatch
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v3
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): processing vendor id payload
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0):Looking for a matching key for x.x.x.x in default
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): : success
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching x.x.x.x
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0): local preshared key found
Apr 28 12:58:00.828 Thai: ISAKMP : Scanning profiles for xauth ...
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 100 policy
Apr 28 12:58:00.828 Thai: ISAKMP:      encryption DES-CBC
Apr 28 12:58:00.828 Thai: ISAKMP:      hash SHA
Apr 28 12:58:00.828 Thai: ISAKMP:      default group 1
Apr 28 12:58:00.828 Thai: ISAKMP:      auth pre-share
Apr 28 12:58:00.828 Thai: ISAKMP:      life type in seconds
Apr 28 12:58:00.828 Thai: ISAKMP:      life duration (basic) of 60
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
Apr 28 12:58:00.828 Thai: ISAKMP:(0:0:N/A:0):Setting the rekey timer since IKE is operating in Continuous Channel Mode.
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): processing vendor id payload
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): vendor ID seems Unity/DPD but major 245 mismatch
Apr 28 12:58:00.844 Thai: ISAKMP (0:134217756): vendor ID is NAT-T v7
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): processing vendor id payload
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): vendor ID seems Unity/DPD but major 157 mismatch
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): vendor ID is NAT-T v3
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): processing vendor id payload
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): vendor ID seems Unity/DPD but major 123 mismatch
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): vendor ID is NAT-T v2
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1):Old State = IKE_R_MM1  New State = IKE_R_MM1

Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): constructed NAT-T vendor-07 ID
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1): sending packet to x.x.x.x my_port 500 peer_port 500 (R) MM_SA_SETUP
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 28 12:58:00.844 Thai: ISAKMP:(0:28:SW:1):Old State = IKE_R_MM1  New State = IKE_R_MM2

Apr 28 12:58:04.684 Thai: ISAKMP:(0:0:N/A:0):purging node 450342352
Apr 28 12:58:04.684 Thai: ISAKMP:(0:0:N/A:0):purging node -244329435
Apr 28 12:58:05.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:58:05.008 Thai: ISAKMP:(0:0:N/A:0):incrementing error counter on sa: retransmit phase 1
Apr 28 12:58:05.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE
Apr 28 12:58:05.008 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
Apr 28 12:58:10.824 Thai: ISAKMP (0:134217756): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_SA_SETUP
Apr 28 12:58:10.824 Thai: ISAKMP:(0:28:SW:1): phase 1 packet is a duplicate of a previous packet.
Apr 28 12:58:10.824 Thai: ISAKMP:(0:28:SW:1): retransmitting due to retransmit phase 1
Apr 28 12:58:10.824 Thai: ISAKMP:(0:28:SW:1): retransmitting phase 1 MM_SA_SETUP...
Apr 28 12:58:11.324 Thai: ISAKMP:(0:28:SW:1): retransmitting phase 1 MM_SA_SETUP...
Apr 28 12:58:11.324 Thai: ISAKMP:(0:28:SW:1):incrementing error counter on sa: retransmit phase 1
Apr 28 12:58:11.324 Thai: ISAKMP:(0:28:SW:1): retransmitting phase 1 MM_SA_SETUP
Apr 28 12:58:11.324 Thai: ISAKMP:(0:28:SW:1): sending packet to x.x.x.x my_port 500 peer_port 500 (R) MM_SA_SETUP
Apr 28 12:58:14.684 Thai: ISAKMP:(0:0:N/A:0):purging SA., sa=4670C374, delme=4670C374
Apr 28 12:58:14.684 Thai: ISAKMP:(0:27:SW:1):purging SA., sa=459BEB68, delme=459BEB68
Apr 28 12:58:15.008 Thai: ISAKMP: received ke message (3/1)
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer x.x.x.x)
Apr 28 12:58:15.008 Thai: ISAKMP:(0:28:SW:1):deleting SA reason "P1 delete notify (in)" state (R) MM_SA_SETUP (peer x.x.x.x)
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE...
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0):deleting SA reason "P1 delete notify (in)" state (I) MM_NO_STATE (peer x.x.x.x)
Apr 28 12:58:15.008 Thai: ISAKMP: Unlocking IKE struct 0x46D9390C for isadb_mark_sa_deleted(), count 0
Apr 28 12:58:15.008 Thai: ISAKMP: Deleting peer node by peer_reap for x.x.x.x: 46D9390C
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0):deleting node 1279478203 error FALSE reason "IKE deleted"
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0):deleting node 1906340897 error FALSE reason "IKE deleted"
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Apr 28 12:58:15.008 Thai: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1  New State = IKE_DEST_SA

Apr 28 12:58:15.008 Thai: ISAKMP:(0:28:SW:1):deleting SA reason "P1 delete notify (in)" state (R) MM_SA_SETUP (peer x.x.x.x)
Apr 28 12:58:15.008 Thai: ISAKMP: Unlocking IKE struct 0x45B1FDE4 for isadb_mark_sa_deleted(), count 0
Apr 28 12:58:15.008 Thai: ISAKMP: Deleting peer node by peer_reap for x.x.x.x: 45B1FDE4
Apr 28 12:58:15.008 Thai: ISAKMP:(0:28:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Apr 28 12:58:15.008 Thai: ISAKMP:(0:28:SW:1):Old State = IKE_R_MM2  New State = IKE_DEST_SA

Apr 28 12:58:18.661 Thai: ISAKMP: received ke message (1/1)
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
Apr 28 12:58:18.661 Thai: ISAKMP: Created a peer struct for x.x.x.x, peer port 500
Apr 28 12:58:18.661 Thai: ISAKMP: New peer created peer = 0x45B1FDE4 peer_handle = 0x80020756
Apr 28 12:58:18.661 Thai: ISAKMP: Locking peer struct 0x45B1FDE4, IKE refcount 1 for isakmp_initiator
Apr 28 12:58:18.661 Thai: ISAKMP: local port 500, remote port 500
Apr 28 12:58:18.661 Thai: ISAKMP: set new node 0 to QM_IDLE
Apr 28 12:58:18.661 Thai: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 459BEB68
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0):Looking for a matching key for x.x.x.x in default
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): : success
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching x.x.x.x
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_I_MM1

Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
Apr 28 12:58:18.661 Thai: ISAKMP:(0:0:N/A:0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATEno debug
Apr 28 12:58:20.825 Thai: ISAKMP (0:134217756): received packet from x.x.x.x dport 500 sport 500 Global (R) MM_NO_STATE all
Port Statistics for unclassified packets is not turned on.

Any pop out, seems like this never completes, I have checked the configs many many times on both sides, anything in the logs gives the reason?

Thanks all
0
check-in
Asked:
check-in
  • 2
1 Solution
 
harbor235Commented:


what kind of devices are the endpoints? You have NAT-traversal enabled, are you filtering udp 4500?
Ensure all phase 1 and phase 2 parameters are the same on both sides. Can you post your VPN configs?

harbor235 ;}
0
 
check-inAuthor Commented:
This issue was resolved by replacing the Internet adsl device. it seems like it was doing some sort of NAT. Replaced with e basic router and the VPN came up!

0
 
check-inAuthor Commented:
Answer found
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now