Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
24273
Views
10
Helpful
13
Replies

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with p

vyelmene
Level 1
Level 1

‎02-06-2002 06:07 PM - edited ‎03-08-2019 09:45 PM

Has anyone ran across this error message: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at x.x.x.x? I've seen similar ones, but not the 'informational' mode. I'm also getting this message; ISAKMP (1): sending packet to x.x.x.x (I) MM_NO_STATE.

Any help would be great.

Thanks.

1 person had this problem
Labels:
0 Helpful
13 Replies 13

vyelmene
Level 1
Level 1

‎02-07-2002 06:03 PM

Disregard, I have fixed my problems.

0 Helpful

hakenkreuz
Level 1
Level 1
In response to vyelmene

‎08-28-2017 03:24 PM

How did you fix it? I´m getting the same error on a Dual Hub Single Layout DMVPN even if I copy paste the same crypto info in all my hubs and spokes.

0 Helpful

MSD1001
Level 1
Level 1
In response to vyelmene

‎05-29-2020 07:16 AM

HI , please help me out with the solution. I am working on an office project and implemented cluster dmvpn. Though the tunnel is up, i keep getting this message.

0 Helpful

MSD1001
Level 1
Level 1
In response to vyelmene

‎05-29-2020 07:17 AM

plz help !
0 Helpful

MSD1001
Level 1
Level 1
In response to vyelmene

‎05-29-2020 08:01 AM

Please help me with the solution.
0 Helpful

CiscoPurpleBelt
Level 6
Level 6
In response to MSD1001

‎06-17-2020 05:25 PM

Hey check your policies and especially the keys on both sides, its probably because something is not matching.
0 Helpful

Wizard4777
Level 1
Level 1
In response to CiscoPurpleBelt

‎10-03-2021 04:03 PM

all keys are the same. the hub is not displaying isakmp is on when applied to interface

0 Helpful

cord o
Level 1
Level 1
In response to MSD1001

‎06-28-2020 08:04 PM

As others have mentioned, double check that your keys and transform sets are matching on both ends.

 

During after hours try running debug crypto ipsec

0 Helpful

Wizard4777
Level 1
Level 1
In response to vyelmene

‎10-03-2021 04:01 PM

what was the fix? i have the same issue too

0 Helpful

arpgaur
Cisco Employee
Cisco Employee

‎09-30-2021 03:05 AM - edited ‎09-30-2021 03:07 AM

Run  sh crypto isakmp sa to check if the phase 1 tunnel is up.

 

this message has more to do with the phase -2 tunnel. once the first one is checked check the phase 2 tunnel. 

 

start a ping from host A to host B

run >> #sh crypto ipsec sa. And check if we're getting any packets encrypted/decrypted. my bet would be, you won't see any packet being encrypted.

 

now, run> sh crypto map for routers on both the ends and check if we have the correct configuration on both the devices, and by that, I mean.

 

1> peers IP are correct (common issue)

2> ACL's are correct, both routers are correct identifying the source and destination IP (most common issue)

3> crypto map is applied on the correct interface.

 

it's basically a configuration mismatch and a closer look should resolve this issue.

 

rackaraaron
Level 1
Level 1
In response to arpgaur

‎08-19-2022 07:05 PM

Hello, I am new with the IPsec configs but am studying as part of the ENCOR.
Here is a brief story:
After configuring a GRE tunnel I decided to use crypto map to add IPsec. 
The GRE tunnel was fine. The underlay protocol was eigrp and after establishing the tunnel I decided to advertise the loopbacks and the LAN networks on the remote host through OSPF over the tunnel which worked fine. 

The moment I applied the crypto map to the outside interface, I got the error below:
R4(config-if)#crypto map MYMAP
R4(config-if)#
*Aug 20 01:04:21.437: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R4(config-if)#
*Aug 20 01:04:25.495: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 10.10.1.1
R4(config-if)#
*Aug 20 01:04:36.564: %OSPF-5-ADJCHG: Process 1, Nbr 0.0.1.1 on Tunnel0 from FULL to DOWN, Neighbor Down: Dead timer expired
R4(config-if)#
*Aug 20 01:05:32.148: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 10.10.1.1
R4(config-if)#
*Aug 20 01:06:38.663: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 10.10.1.1
R4(config-if)#
*Aug 20 01:07:43.336: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 10.10.1.1
after reading your comment on this post, I issued the command sh crypto ipsec sa and I got a strange result as shown in the attachment.

In the end I noticed that I forgot to configure the pre-shared key on R1 which fixed the issue. 

Your post has opened my mind to troubleshoot my issue.

Thanks. 

Preview file
120 KB
Preview file
27 KB

MHM Cisco World
VIP
VIP
In response to rackaraaron

‎08-22-2022 06:35 AM

share the config I will check it 

0 Helpful

SDhaliwal
Level 1
Level 1

‎04-11-2024 07:35 PM - edited ‎04-11-2024 09:27 PM

I ran into the same issue while working GRE over IPsec lab. The issue I ran into was misconfiguration of key command, make sure to verify that the key matches on both end and also verify peer IP address when you configure isakmp key. 

crypto isakmp key <key> address <peer-ip>. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents