10-29-2002 10:40 PM - edited 03-09-2019 12:52 AM
Hi Everybody,
Anybody heard of this problem? we are doing LAN2LAN connections with 3000 concentrators and have sucessfully got a large number going. But we are plagued by this error. It happens only occasionally. I couldn't find any reference to it all on the Cisco site here.
Sometimes it connects after a period of time othertimes it doesn't connect at all.
9891 10/30/2002 14:03:37.460 SEV=4 IKE/0 RPT=8136 x.x.x.x
Duplicate first packet detected!
Thanks heaps and regards
Matthew
10-29-2002 10:44 PM
Also i should mention the events that happen before hand:
9911 10/30/2002 14:08:15.420 SEV=4 IKE/0 RPT=8152 x.x.x.x
Duplicate first packet detected!
9920 10/30/2002 14:09:41.520 SEV=4 IKE/41 RPT=yyy.yyy.yyy.yyy.yyy
IKE Initiator: New Phase 1, Intf 2, IKE Peer xxx.xxx.xxx.xxx
local Proxy Address 202.64.25.195, remote Proxy Address xxx.xxx.xxx.xxx,
SA (L2L: xxxxxxxxxxx)
11-12-2002 06:10 PM
I am having a simular problem. I have a single 3015 concentrator and several 3002 hardware clients set up nation wide. I get the error randomly and infrequently on some of the systems, but one in particular seems to get the error more often and for a much longer duration. The only difference in that system and the others, that I currently know about, is that the network it is on will not renew it's DHCP leased IP address. It generaly reports the error and then logs on after 25-40 attempts. Today I changed the IKE sa rule to SHA and it seems that it is taking longer to connect than usual. I hope this helps, and if you find another soulution please tell me. Thanx
11-12-2002 08:28 PM
It usually occurs when packets timeout or there are routing problems in the network. Essentially the IKE exchange between the peers fails when this happens. In an IKE exchange the following happens:
1) IKE initator sends IKE MSG1
2) IKE responder sends MSG2 and is expecting MSG3 from initiator
3) IKE initiator sends MSG3 and the negotiation continues......and so on
The problem you are experiencing seems to be that the IKE responder
sends MSG2; the IKE initator never received MSG2 and transmits MSG1 again.
The IKE responder receives MSG1 ans says " hey, I already got that duplicate packet" and sends MSG2...and the cycle repeats a few more times (3) until the exchange stops..and thus tunnel fails to establish.
Nelson
07-29-2003 06:03 AM
I am Having a Duplicate Phase 1 Packet detected which sounds like this thread, The question is How do you fix it, Are there timing Parameters that can be changed to fix this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide