Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
2
Replies

3005 to IOS

jaypross
Level 1
Level 1

‎04-06-2003 08:25 AM - edited ‎03-09-2019 02:47 AM

I am trying to get a 3005 to establish a tunnel to an IOS box.

Here are some logs from the 3005 debug...

528 04/06/2003 08:16:20.380 SEV=9 AUTHDBG/70 RPT=2

Auth Server e44af4 has been unbound from ACB 1e0001c, sessions = 0

529 04/06/2003 08:16:20.380 SEV=8 AUTHDBG/10 RPT=2

AUTH_Int_FreeAuthCB(1e0001c)

530 04/06/2003 08:16:20.380 SEV=7 AUTH/13 RPT=2

Authentication session closed: handle = 1

531 04/06/2003 08:16:20.670 SEV=8 IKEDECODE/0 RPT=25 198.93.156.3

ISAKMP HEADER : ( Version 1.0 )

Initiator Cookie(8): BB 10 96 7D C9 4E 9F E7

Responder Cookie(8): DF C5 C1 AD C4 5E 78 8A

Next Payload : HASH (8)

Exchange Type : Oakley Quick Mode

Flags : 1 (ENCRYPT )

Message ID : 8d99e9f3

Length : 188

538 04/06/2003 08:16:20.670 SEV=8 IKEDBG/0 RPT=82 198.93.156.3

RECEIVED Message (msgid=8d99e9f3) with payloads :

HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0)

total length : 180

Has anybody ever gotten this to work?

Labels:
0 Helpful
2 Replies 2

jaypross
Level 1
Level 1

‎04-06-2003 09:10 AM

Debug logs from the IOS side

003062: 13:23:05: ISAKMP (0:6): purging SA., sa=62FA68FC, delme=62FA68FC

003063: 13:23:05: CryptoEngine0: delete connection 6

003064: 13:23:05: CryptoEngine0: CRYPTO_ISA_SA_DELETE(hw)(ipsec)

003065: 13:23:05: CryptoEngine0: delete connection 6

003066: 13:23:07: ISAKMP (0:7): received packet from 198.93.159.3 (I) QM_IDLE

003067: 13:23:07: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT(hw)(ipsec)

003068: 13:23:07: CryptoEngine0: generate hmac context for conn id 7

003069: 13:23:07: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)

003070: 13:23:07: ISAKMP (0:7): processing HASH payload. message ID = 1146638709

003071: 13:23:07: ISAKMP (0:7): processing DELETE payload. message ID = 11466387

09

003072: 13:23:07: ISAKMP (0:7): peer does not do paranoid keepalives.

003073: 13:23:07: ISAKMP (0:7): deleting node 1146638709 error FALSE reason "inf

ormational (in) state 1"

003074: 13:23:07: ISAKMP (0:7): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE

Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

003075: 13:23:07: ISAKMP (0:8): purging node 100996465

003076: 13:23:16: IPSEC(decapsulate): error in decapsulation crypto_ipsec_input

003077: 13:23:18: ISAKMP (0:9): purging node 354523817

003078: 13:23:18: ISAKMP (0:8): purging node -557896245

0 Helpful

afakhan
Level 4
Level 4
In response to jaypross

‎04-07-2003 10:28 PM

Hi,

please post complete debugs from the router, and vpn3k, u can follow a sample config here:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml

Thx

Afaq

0 Helpful
Customers Also Viewed These Support Documents