12-02-2004 08:43 PM - edited 02-20-2020 11:47 PM
I've configued the following router with the basic settings and I'm having issues.
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key ABC123EXample address 1.1.1.1
!
!
crypto ipsec transform-set MLSSTORE747 esp-3des esp-md5-hmac
!
crypto map MLSSTORE747 1
set peer 1.1.1.1
set transform-set MLSSTORE747
match address 115
access-list 115 permit ip 10.101.4.0 0.0.0.63 any
ip route 0.0.0.0 0.0.0.0 Next_HOP
Some errors on debug crypto isakmp
Log Buffer (4096 bytes):
0:39:39.167: ISAKMP (0:4): sending packet to 1.1.1.1 my_port 500 peer_por
500 (I) MM_NO_STATE
*Mar 1 00:39:39.211: ISAKMP (0:4): received packet from 1.1.1.1 dport 50
sport 500 Global (I) MM_NO_STATE
*Mar 1 00:39:39.211: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 00:39:39.211: ISAKMP (0:4): Old State = IKE_I_MM1 New State = IKE_I_M
*Mar 1 00:39:39.215: ISAKMP (0:4): processing SA payload. message ID = 0
*Mar 1 00:39:39.215: ISAKMP (0:4): processing vendor id payload
*Mar 1 00:39:39.215: ISAKMP (0:4): vendor ID seems Unity/DPD but major 123 mi
atch
*Mar 1 00:39:39.215: ISAKMP (0:4): vendor ID is NAT-T v2
*Mar 1 00:39:39.215: ISAKMP (0:4): processing vendor id payload
*Mar 1 00:39:39.215: ISAKMP (0:4): vendor ID seems Unity/DPD but major 194 mi
atch
*Mar 1 00:39:39.215: ISAKMP: Looking for a matching key for 1.1.1.1in d
ault : success
*Mar 1 00:39:39.219: ISAKMP (0:4): found peer pre-shared key matching 1.1.1.1
*Mar 1 00:39:39.219: ISAKMP (0:4) local preshared key found
*Mar 1 00:39:39.219: ISAKMP : Scanning profiles for xauth ...
*Mar 1 00:39:39.219: ISAKMP (0:4): Checking ISAKMP transform 1 against priori
1 policy
*Mar 1 00:39:39.219: ISAKMP: encryption 3DES-CBC
*Mar 1 00:39:39.219: ISAKMP: hash MD5
*Mar 1 00:39:39.219: ISAKMP: default group 1
*Mar 1 00:39:39.219: ISAKMP: auth pre-share
*Mar 1 00:39:39.219: ISAKMP: life type in seconds
*Mar 1 00:39:39.219: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Mar 1 00:39:39.219: ISAKMP (0:4): atts are acceptable. Next payload is 0
*Mar 1 00:39:39.223: ISAKMP (0:4): Unable to generate DH phase I values!
*Mar 1 00:39:39.223: ISAKMP (0:4): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAI
MODE
*Mar 1 00:39:39.223: ISAKMP (0:4): Old State = IKE_I_MM2 New State = IKE_I_M
*Mar 1 00:39:39.223: ISAKMP (0:4): sending packet to 1.1.1.1 my_port 500
eer_port 500 (I) MM_NO_STATE
*Mar 1 00:39:39.227: ISAKMP (0:4): Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERR
*Mar 1 00:39:39.227: ISAKMP (0:4): Old State = IKE_I_MM2 New State = IKE_I_M
*Mar 1 00:39:47.207: ISAKMP (0:4): received packet from 1.1.1.1 dport 50
sport 500 Global (I) MM_NO_STATE
*Mar 1 00:39:47.207: ISAKMP (0:4): phase 1 packet is a duplicate of a previou
packet.
12-05-2004 01:00 PM
Hi,
Try to disable the crypto accelerator, by issuing "crypto eng accel dis" - you're probably hitting a bug. I've seen this issue on a C837.
Best regards,
/M
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide