
Cannot create a VPN Tunnel

ddisalvo
Level 1

I've configured the following router with the basic settings and I'm having issues.

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key ABC123EXample address 1.1.1.1
!
!
crypto ipsec transform-set MLSSTORE747 esp-3des esp-md5-hmac
!
crypto map MLSSTORE747 1
 set peer 1.1.1.1
 set transform-set MLSSTORE747
 match address 115
access-list 115 permit ip 10.101.4.0 0.0.0.63 any
ip route 0.0.0.0 0.0.0.0 Next_HOP

Some errors on debug crypto isakmp

Log Buffer (4096 bytes):

0:39:39.167: ISAKMP (0:4): sending packet to 1.1.1.1 my_port 500 peer_por
500 (I) MM_NO_STATE
*Mar 1 00:39:39.211: ISAKMP (0:4): received packet from 1.1.1.1 dport 50
sport 500 Global (I) MM_NO_STATE
*Mar 1 00:39:39.211: ISAKMP (0:4): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 00:39:39.211: ISAKMP (0:4): Old State = IKE_I_MM1 New State = IKE_I_M
*Mar 1 00:39:39.215: ISAKMP (0:4): processing SA payload. message ID = 0
*Mar 1 00:39:39.215: ISAKMP (0:4): processing vendor id payload
*Mar 1 00:39:39.215: ISAKMP (0:4): vendor ID seems Unity/DPD but major 123 mi
atch
*Mar 1 00:39:39.215: ISAKMP (0:4): vendor ID is NAT-T v2
*Mar 1 00:39:39.215: ISAKMP (0:4): processing vendor id payload
*Mar 1 00:39:39.215: ISAKMP (0:4): vendor ID seems Unity/DPD but major 194 mi
atch
*Mar 1 00:39:39.215: ISAKMP: Looking for a matching key for 1.1.1.1in d
ault : success
*Mar 1 00:39:39.219: ISAKMP (0:4): found peer pre-shared key matching 1.1.1.1
*Mar 1 00:39:39.219: ISAKMP (0:4) local preshared key found
*Mar 1 00:39:39.219: ISAKMP : Scanning profiles for xauth ...
*Mar 1 00:39:39.219: ISAKMP (0:4): Checking ISAKMP transform 1 against priori
1 policy
*Mar 1 00:39:39.219: ISAKMP: encryption 3DES-CBC
*Mar 1 00:39:39.219: ISAKMP: hash MD5
*Mar 1 00:39:39.219: ISAKMP: default group 1
*Mar 1 00:39:39.219: ISAKMP: auth pre-share
*Mar 1 00:39:39.219: ISAKMP: life type in seconds
*Mar 1 00:39:39.219: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Mar 1 00:39:39.219: ISAKMP (0:4): atts are acceptable. Next payload is 0
*Mar 1 00:39:39.223: ISAKMP (0:4): Unable to generate DH phase I values!
*Mar 1 00:39:39.223: ISAKMP (0:4): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAI
MODE
*Mar 1 00:39:39.223: ISAKMP (0:4): Old State = IKE_I_MM2 New State = IKE_I_M
*Mar 1 00:39:39.223: ISAKMP (0:4): sending packet to 1.1.1.1 my_port 500
eer_port 500 (I) MM_NO_STATE
*Mar 1 00:39:39.227: ISAKMP (0:4): Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERR
*Mar 1 00:39:39.227: ISAKMP (0:4): Old State = IKE_I_MM2 New State = IKE_I_M
*Mar 1 00:39:47.207: ISAKMP (0:4): received packet from 1.1.1.1 dport 50
sport 500 Global (I) MM_NO_STATE
*Mar 1 00:39:47.207: ISAKMP (0:4): phase 1 packet is a duplicate of a previou
packet.


marcusl
Level 1

Hi,

Try to disable the crypto accelerator, by issuing "crypto eng accel dis" - you're probably hitting a bug. I've seen this issue on a C837.

Best regards,

/M
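
An added example, not part of the original thread: a Python triage of `debug crypto isakmp` output like the log posted above, separating a Phase 1 proposal mismatch from the local DH failure seen there and flagging legacy Phase 1 parameters. The sample lines are constructed from the format in the post; the function name, verdict strings and the set of values treated as weak are this example's assumptions.

```python
import re

# Constructed sample in the format of the debug output posted in the thread.
SAMPLE = """\
*Mar 1 00:39:39.219: ISAKMP: encryption 3DES-CBC
*Mar 1 00:39:39.219: ISAKMP: hash MD5
*Mar 1 00:39:39.219: ISAKMP: default group 1
*Mar 1 00:39:39.219: ISAKMP: auth pre-share
*Mar 1 00:39:39.219: ISAKMP: life type in seconds
*Mar 1 00:39:39.219: ISAKMP (0:4): atts are acceptable. Next payload is 0
*Mar 1 00:39:39.223: ISAKMP (0:4): Unable to generate DH phase I values!
*Mar 1 00:39:47.207: ISAKMP (0:4): phase 1 packet is a duplicate of a previou
"""

# Attribute lines printed while a transform is checked against the local policy.
ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|default group|auth)\s+(\S+)")

# Assumption of this example: values treated as legacy for IKE Phase 1.
WEAK = {
    "encryption": {"DES-CBC", "3DES-CBC"},
    "hash": {"MD5"},
    "default group": {"1", "2", "5"},
}

def triage(log):
    """Return (attrs, weak, verdict) for one Phase 1 attempt in the debug text."""
    attrs, accepted, dh_failed = {}, False, False
    for line in log.splitlines():
        m = ATTR.search(line)
        if m:
            attrs[m.group(1)] = m.group(2)
        elif "atts are acceptable" in line:
            accepted = True
        elif "Unable to generate DH phase I values" in line:
            dh_failed = True
    weak = sorted(k for k, v in attrs.items() if v in WEAK.get(k, ()))
    if accepted and dh_failed:
        # Proposal matched the local policy; the failure is on this router,
        # so comparing policies with the peer will not resolve it.
        verdict = "local-dh-failure"
    elif accepted:
        verdict = "proposal-accepted"
    else:
        verdict = "no-acceptable-proposal"
    return attrs, weak, verdict

if __name__ == "__main__":
    print(triage(SAMPLE))
```
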
