
CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <PEER IP> failed its sanity check or is malformed

nagasheshu2010
Level 1

Hi All,

Can you please advise me on the below?

There is a site-to-site VPN between a C891F-K9 router and an ASA5545 which goes down once every several days (say 12 or 15 days). No one touches either the router or the firewall by any means; it just goes down, not sure why.

The tunnel just goes down without any reason.

We log in to the router and check all the basic things, as below.

Router CPU is fine.

CPU utilization for five seconds: 1/0; one minute: 1; five minutes: 1

Able to ping an internet IP

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms

Able to ping the peer IP

Sending 5, 100-byte ICMP Echos to PEER IP , timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms

There is no crypto configuration problem in either the router or the ASA.

I am saying there is no problem in the ASA because it has got many other tunnels which have been stable for a very long time.

There is no problem with the router configuration because the tunnel comes up as soon as we reboot the router.

"c800-universalk9-mz.SPA.153-3.M5.bin" is the IOS we are using in the router.

-------------------------------------------------------------------------------------------------------------------------

SH CRYpto session
Crypto session current status

Interface: FastEthernet0
Session status: DOWN
Peer: peer ip port 500
IPSEC FLOW: permit 47 host 10.210.253.150 host 10.210.253.151
Active SAs: 0, origin: crypto map

Interface: FastEthernet0
Session status: UP-IDLE
Peer: peer ip port 4500
Session ID: 0
IKEv1 SA: local 192.168.1.2/4500 remote peer ip /4500 Active
Session ID: 0
IKEv1 SA: local 192.168.1.2/4500 remote peer ip /4500 Active
Session ID: 0
IKEv1 SA: local 192.168.1.2/4500 remote peer ip /4500 Inactive

-----------------------------------------------------------------------------------------------------------------------------

show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.1.2 peer IP QM_IDLE 2079 ACTIVE
192.168.1.2 peer ip MM_NO_STATE 2078 ACTIVE (deleted)
192.168.1.2 peer ip MM_NO_STATE 2077 ACTIVE (deleted)

IPv6 Crypto ISAKMP SA

show crypto ipsec sa

interface: FastEthernet0
Crypto map tag: VPN, local addr 192.168.1.2

protected vrf: (none)
local ident (addr/mask/prot/port): (10.210.253.150/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.210.253.151/255.255.255.255/47/0)
current_peer peer ip port 500
PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
pkts encaps: 4973984, pkts encrypt: 4973984, pkts digest: 4973984
pkts decaps: 3043024, pkts decrypt: 3043024, pkts verify: 3043024
pkts compressed: 0, pkts decompressed: 0
pkts not compressed: 0, pkts compr. failed: 0
pkts not decompressed: 0, pkts decompress failed: 0
send errors 608, recv errors 0

local crypto endpt.: 192.168.1.2, remote crypto endpt.: peer IP
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

----------------------------------------------------------------------------------------------------------------------------

When it goes down, we get the following error.

Apr 8 09:21:09.924: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed
Apr 8 09:22:29.920: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed
Apr 8 09:23:49.928: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed
Apr 8 09:25:09.924: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed
Apr 8 09:26:29.920: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed
Apr 8 09:27:49.920: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed

------------------------------------------------------------------------------------------------------------------------------

I ran debugs too (debug crypto isakmp and debug crypto ipsec), and below are the logs.


Apr 8 09:17:22.432: ISAKMP:(2054): retransmitting phase 1 QM_IDLE ...
Apr 8 09:17:22.432: ISAKMP (2054): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Apr 8 09:17:22.432: ISAKMP:(2054): retransmitting phase 1 QM_IDLE
Apr 8 09:17:22.432: ISAKMP:(2054): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:22.432: ISAKMP:(2054):Sending an IKE IPv4 Packet.
Apr 8 09:17:25.928: ISAKMP (2055): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:17:25.928: ISAKMP:(2055): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:17:25.928: ISAKMP:(2055): retransmitting due to retransmit phase 1
Apr 8 09:17:26.428: ISAKMP:(2055): retransmitting phase 1 QM_IDLE ...
Apr 8 09:17:26.428: ISAKMP (2055): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Apr 8 09:17:26.428: ISAKMP:(2055): retransmitting phase 1 QM_IDLE
Apr 8 09:17:26.428: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:26.428: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:29.512: ISAKMP:(2054): retransmitting phase 2 QM_IDLE -275970509 ...
Apr 8 09:17:29.512: ISAKMP (2054): incrementing error counter on node, attempt 4 of 5: retransmit phase 2
Apr 8 09:17:29.512: ISAKMP:(2054): retransmitting phase 2 -275970509 QM_IDLE
Apr 8 09:17:29.512: ISAKMP:(2054): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:29.512: ISAKMP:(2054):Sending an IKE IPv4 Packet.
Apr 8 09:17:29.512: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 1209650392 ...
Apr 8 09:17:29.512: ISAKMP (2055): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Apr 8 09:17:29.512: ISAKMP:(2055): retransmitting phase 2 1209650392 QM_IDLE
Apr 8 09:17:29.512: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:29.512: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:32.432: ISAKMP:(2054): retransmitting phase 1 QM_IDLE ...
Apr 8 09:17:32.432: ISAKMP:(2054):peer does not do paranoid keepalives.

Apr 8 09:17:32.432: ISAKMP:(2054):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer PEER IP )
Apr 8 09:17:32.432: ISAKMP: set new node -1732548025 to QM_IDLE
Apr 8 09:17:32.432: ISAKMP:(2054): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:32.432: ISAKMP:(2054):Sending an IKE IPv4 Packet.
Apr 8 09:17:32.432: ISAKMP:(2054):purging node -1732548025
Apr 8 09:17:32.432: ISAKMP:(2054):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Apr 8 09:17:32.432: ISAKMP:(2054):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

Apr 8 09:17:32.432: ISAKMP:(2054):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer PEER IP )
Apr 8 09:17:32.432: ISAKMP: Unlocking peer struct 0x34835BC for isadb_mark_sa_deleted(), count 1
Apr 8 09:17:32.432: ISAKMP:(2054):deleting node -275970509 error FALSE reason "IKE deleted"
Apr 8 09:17:32.432: ISAKMP:(2054):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:17:32.432: ISAKMP:(2054):Old State = IKE_DEST_SA New State = IKE_DEST_SA

Apr 8 09:17:33.924: ISAKMP (2055): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:17:33.924: ISAKMP:(2055): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:17:33.924: ISAKMP:(2055): retransmitting due to retransmit phase 1
Apr 8 09:17:34.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE ...
Apr 8 09:17:34.424: ISAKMP (2055): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Apr 8 09:17:34.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE
Apr 8 09:17:34.424: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:34.424: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:39.512: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 1209650392 ...
Apr 8 09:17:39.512: ISAKMP (2055): incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Apr 8 09:17:39.512: ISAKMP:(2055): retransmitting phase 2 1209650392 QM_IDLE
Apr 8 09:17:39.512: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:39.512: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:41.924: ISAKMP (2055): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:17:41.924: ISAKMP:(2055): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:17:41.924: ISAKMP:(2055): retransmitting due to retransmit phase 1
Apr 8 09:17:42.356: ISAKMP:(2053):purging node -1023188101
Apr 8 09:17:42.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE ...
Apr 8 09:17:42.424: ISAKMP (2055): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
Apr 8 09:17:42.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE
Apr 8 09:17:42.424: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:42.424: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:49.528: IPSEC:(SESSION ID = 241) (key_engine) request timer fired: count = 1,
(identity) local= 192.168.1.2:0, remote= PEER IP :0,
local_proxy= 10.210.253.150/255.255.255.255/47/0,
remote_proxy= 10.210.253.151/255.255.255.255/47/0
Apr 8 09:17:49.528: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 192.168.1.2:500, remote= PEER IP :500,
local_proxy= 10.210.253.150/255.255.255.255/47/0,
remote_proxy= 10.210.253.151/255.255.255.255/47/0,
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Apr 8 09:17:49.528: ISAKMP: set new node 0 to QM_IDLE
Apr 8 09:17:49.528: SA has outstanding requests (local 14.226.195.64 port 4500, remote 14.226.195.92 port 4500)
Apr 8 09:17:49.528: ISAKMP:(2055): sitting IDLE. Starting QM immediately (QM_IDLE )
Apr 8 09:17:49.528: ISAKMP:(2055):beginning Quick Mode exchange, M-ID of 767481015
Apr 8 09:17:49.528: ISAKMP:(2055):QM Initiator gets spi
Apr 8 09:17:49.528: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:49.528: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:49.528: ISAKMP:(2055):Node 767481015, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Apr 8 09:17:49.528: ISAKMP:(2055):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
Apr 8 09:17:49.528: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 1209650392 ...
Apr 8 09:17:49.528: ISAKMP (2055): incrementing error counter on node, attempt 3 of 5: retransmit phase 2
Apr 8 09:17:49.528: ISAKMP:(2055): retransmitting phase 2 1209650392 QM_IDLE
Apr 8 09:17:49.528: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:49.528: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:49.924: ISAKMP (2055): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:17:49.924: ISAKMP: set new node 1978261464 to QM_IDLE
Apr 8 09:17:49.924: ISAKMP: reserved not zero on HASH payload!
Apr 8 09:17:49.924: ISAKMP:(2055):deleting node 1978261464 error TRUE reason "Invalid payload"
Apr 8 09:17:52.356: ISAKMP:(2053):purging SA., sa=2D0D468, delme=2D0D468
Apr 8 09:17:52.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE ...
Apr 8 09:17:52.424: ISAKMP (2055): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Apr 8 09:17:52.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE
Apr 8 09:17:52.424: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:52.424: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:57.860: ISAKMP (0): received packet from PEER IP dport 500 sport 500 Global (N) NEW SA
Apr 8 09:17:57.860: ISAKMP: Created a peer struct for PEER IP , peer port 500
Apr 8 09:17:57.860: ISAKMP: New peer created peer = 0x2CE4938 peer_handle = 0x800006CC
Apr 8 09:17:57.860: ISAKMP: Locking peer struct 0x2CE4938, refcount 1 for crypto_isakmp_process_block
Apr 8 09:17:57.860: ISAKMP: local port 500, remote port 500
Apr 8 09:17:57.860: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 2D073AC
Apr 8 09:17:57.860: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:17:57.860: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1

Apr 8 09:17:57.860: ISAKMP:(0): processing SA payload. message ID = 0
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID is NAT-T v2
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID is NAT-T v3
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Apr 8 09:17:57.860: ISAKMP (0): vendor ID is NAT-T RFC 3947
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): processing IKE frag vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0):Support for IKE Fragmentation not enabled
Apr 8 09:17:57.860: ISAKMP:(0):found peer pre-shared key matching PEER IP
Apr 8 09:17:57.860: ISAKMP:(0): local preshared key found
Apr 8 09:17:57.860: ISAKMP : Scanning profiles for xauth ...
Apr 8 09:17:57.860: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
Apr 8 09:17:57.860: ISAKMP: default group 5
Apr 8 09:17:57.860: ISAKMP: encryption AES-CBC
Apr 8 09:17:57.860: ISAKMP: keylength of 256
Apr 8 09:17:57.860: ISAKMP: hash SHA
Apr 8 09:17:57.860: ISAKMP: auth pre-share
Apr 8 09:17:57.860: ISAKMP: life type in seconds
Apr 8 09:17:57.860: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Apr 8 09:17:57.860: ISAKMP:(0):Encryption algorithm offered does not match policy!
Apr 8 09:17:57.860: ISAKMP:(0):atts are not acceptable. Next payload is 3
Apr 8 09:17:57.860: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
Apr 8 09:17:57.860: ISAKMP: default group 2
Apr 8 09:17:57.860: ISAKMP: encryption 3DES-CBC
Apr 8 09:17:57.860: ISAKMP: hash SHA
Apr 8 09:17:57.860: ISAKMP: auth pre-share
Apr 8 09:17:57.860: ISAKMP: life type in seconds
Apr 8 09:17:57.860: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Apr 8 09:17:57.860: ISAKMP:(0):atts are acceptable. Next payload is 3
Apr 8 09:17:57.860: ISAKMP:(0):Acceptable atts:actual life: 86400
Apr 8 09:17:57.860: ISAKMP:(0):Acceptable atts:life: 0
Apr 8 09:17:57.860: ISAKMP:(0):Fill atts in sa vpi_length:4
Apr 8 09:17:57.860: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Apr 8 09:17:57.860: ISAKMP:(0):Returning Actual lifetime: 86400
Apr 8 09:17:57.860: ISAKMP:(0)::Started lifetime timer: 86400.

Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID is NAT-T v2
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID is NAT-T v3
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Apr 8 09:17:57.860: ISAKMP (0): vendor ID is NAT-T RFC 3947
Apr 8 09:17:57.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0): processing IKE frag vendor id payload
Apr 8 09:17:57.860: ISAKMP:(0):Support for IKE Fragmentation not enabled
Apr 8 09:17:57.860: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 8 09:17:57.860: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1

Apr 8 09:17:57.860: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Apr 8 09:17:57.860: ISAKMP:(0): sending packet to PEER IP my_port 500 peer_port 500 (R) MM_SA_SETUP
Apr 8 09:17:57.860: ISAKMP:(0):Sending an IKE IPv4 Packet.
Apr 8 09:17:57.860: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 8 09:17:57.860: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM2

Apr 8 09:17:57.896: ISAKMP (0): received packet from PEER IP dport 500 sport 500 Global (R) MM_SA_SETUP
Apr 8 09:17:57.896: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:17:57.896: ISAKMP:(0):Old State = IKE_R_MM2 New State = IKE_R_MM3

Apr 8 09:17:57.896: ISAKMP:(0): processing KE payload. message ID = 0
Apr 8 09:17:57.900: ISAKMP:(0): processing NONCE payload. message ID = 0
Apr 8 09:17:57.900: ISAKMP:(0):found peer pre-shared key matching PEER IP
Apr 8 09:17:57.900: ISAKMP:(2056): processing vendor id payload
Apr 8 09:17:57.900: ISAKMP:(2056): vendor ID is Unity
Apr 8 09:17:57.900: ISAKMP:(2056): processing vendor id payload
Apr 8 09:17:57.900: ISAKMP:(2056): vendor ID seems Unity/DPD but major 27 mismatch
Apr 8 09:17:57.900: ISAKMP:(2056): vendor ID is XAUTH
Apr 8 09:17:57.900: ISAKMP:(2056): processing vendor id payload
Apr 8 09:17:57.900: ISAKMP:(2056): speaking to another IOS box!
Apr 8 09:17:57.900: ISAKMP:(2056): processing vendor id payload
Apr 8 09:17:57.900: ISAKMP:(2056):vendor ID seems Unity/DPD but hash mismatch
Apr 8 09:17:57.900: ISAKMP:received payload type 20
Apr 8 09:17:57.900: ISAKMP (2056): NAT found, both nodes inside NAT
Apr 8 09:17:57.900: ISAKMP:received payload type 20
Apr 8 09:17:57.900: ISAKMP (2056): My hash no match - this node inside NAT
Apr 8 09:17:57.900: ISAKMP:(2056):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 8 09:17:57.900: ISAKMP:(2056):Old State = IKE_R_MM3 New State = IKE_R_MM3

Apr 8 09:17:57.900: ISAKMP:(2056): sending packet to PEER IP my_port 500 peer_port 500 (R) MM_KEY_EXCH
Apr 8 09:17:57.900: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:17:57.900: ISAKMP:(2056):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 8 09:17:57.900: ISAKMP:(2056):Old State = IKE_R_MM3 New State = IKE_R_MM4

Apr 8 09:17:57.940: ISAKMP (2056): received packet from PEER IP dport 4500 sport 4500 Global (R) MM_KEY_EXCH
Apr 8 09:17:57.940: ISAKMP:(2056):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:17:57.940: ISAKMP:(2056):Old State = IKE_R_MM4 New State = IKE_R_MM5

Apr 8 09:17:57.940: ISAKMP:(2056): processing ID payload. message ID = 0
Apr 8 09:17:57.940: ISAKMP (2056): ID payload
next-payload : 8
type : 1
address : PEER IP
protocol : 17
port : 0
length : 12
Apr 8 09:17:57.940: ISAKMP:(0):: peer matches *none* of the profiles
Apr 8 09:17:57.940: ISAKMP:(2056): processing HASH payload. message ID = 0
Apr 8 09:17:57.940: ISAKMP:received payload type 17
Apr 8 09:17:57.940: ISAKMP:(2056): processing vendor id payload
Apr 8 09:17:57.940: ISAKMP:(2056): vendor ID is DPD
Apr 8 09:17:57.940: ISAKMP:(2056):SA authentication status:
authenticated
Apr 8 09:17:57.940: ISAKMP:(2056):SA has been authenticated with PEER IP
Apr 8 09:17:57.940: ISAKMP:(2056):Detected port floating to port = 4500
Apr 8 09:17:57.940: ISAKMP: Trying to insert a peer 192.168.1.2/ PEER IP /4500/, and found existing one 34835BC to reuse, free 2CE4938
Apr 8 09:17:57.940: ISAKMP: Unlocking peer struct 0x2CE4938 Reuse existing peer, count 0
Apr 8 09:17:57.940: ISAKMP: Deleting peer node by peer_reap for PEER IP : 2CE4938
Apr 8 09:17:57.940: ISAKMP: Locking peer struct 0x34835BC, refcount 2 for Reuse existing peer
Apr 8 09:17:57.940: ISAKMP:(2056):Setting UDP ENC peer struct 0x0 sa= 0x2D073AC
Apr 8 09:17:57.940: ISAKMP:(2056):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 8 09:17:57.940: ISAKMP:(2056):Old State = IKE_R_MM5 New State = IKE_R_MM5

Apr 8 09:17:57.940: ISAKMP:(2056):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Apr 8 09:17:57.940: ISAKMP (2056): ID payload
next-payload : 8
type : 1
address : 192.168.1.2
protocol : 17
port : 0
length : 12
Apr 8 09:17:57.940: ISAKMP:(2056):Total payload length: 12
Apr 8 09:17:57.940: ISAKMP:(2056):Returning Actual lifetime: 86400
Apr 8 09:17:57.940: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) MM_KEY_EXCH
Apr 8 09:17:57.940: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:17:57.940: ISAKMP:(2056):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 8 09:17:57.940: ISAKMP:(2056):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE

Apr 8 09:17:57.940: ISAKMP:(2056):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Apr 8 09:17:57.940: ISAKMP:(2056):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Apr 8 09:17:59.528: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 767481015 ...
Apr 8 09:17:59.528: ISAKMP (2055): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Apr 8 09:17:59.528: ISAKMP:(2055): retransmitting phase 2 767481015 QM_IDLE
Apr 8 09:17:59.528: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:59.528: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:59.528: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 1209650392 ...
Apr 8 09:17:59.528: ISAKMP (2055): incrementing error counter on node, attempt 4 of 5: retransmit phase 2
Apr 8 09:17:59.528: ISAKMP:(2055): retransmitting phase 2 1209650392 QM_IDLE
Apr 8 09:17:59.528: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:17:59.528: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:17:59.928: ISAKMP:(2054):purging node 440364391
Apr 8 09:18:02.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:02.424: ISAKMP (2055): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Apr 8 09:18:02.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE
Apr 8 09:18:02.424: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:02.424: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:18:05.932: ISAKMP (2056): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:18:05.932: ISAKMP:(2056): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:18:05.932: ISAKMP:(2056): retransmitting due to retransmit phase 1
Apr 8 09:18:06.432: ISAKMP:(2056): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:06.432: ISAKMP (2056): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Apr 8 09:18:06.432: ISAKMP:(2056): retransmitting phase 1 QM_IDLE
Apr 8 09:18:06.432: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:06.432: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:09.528: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 767481015 ...
Apr 8 09:18:09.528: ISAKMP (2055): incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Apr 8 09:18:09.528: ISAKMP:(2055): retransmitting phase 2 767481015 QM_IDLE
Apr 8 09:18:09.528: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:09.528: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:18:09.528: ISAKMP:(2055): retransmitting phase 2 QM_IDLE 1209650392 ...
Apr 8 09:18:09.528: ISAKMP (2055): incrementing error counter on node, attempt 5 of 5: retransmit phase 2
Apr 8 09:18:09.528: ISAKMP:(2055): retransmitting phase 2 1209650392 QM_IDLE
Apr 8 09:18:09.528: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:09.528: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:18:12.424: ISAKMP:(2055): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:12.424: ISAKMP:(2055):peer does not do paranoid keepalives.

Apr 8 09:18:12.424: ISAKMP:(2055):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer PEER IP )
Apr 8 09:18:12.424: ISAKMP: set new node -1596789587 to QM_IDLE
Apr 8 09:18:12.424: ISAKMP:(2055): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:12.424: ISAKMP:(2055):Sending an IKE IPv4 Packet.
Apr 8 09:18:12.424: ISAKMP:(2055):purging node -1596789587
Apr 8 09:18:12.424: ISAKMP:(2055):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Apr 8 09:18:12.424: ISAKMP:(2055):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

Apr 8 09:18:12.424: ISAKMP:(2055):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer PEER IP )
Apr 8 09:18:12.424: ISAKMP: Unlocking peer struct 0x34835BC for isadb_mark_sa_deleted(), count 1
Apr 8 09:18:12.424: ISAKMP:(2055):deleting node 1209650392 error FALSE reason "IKE deleted"
Apr 8 09:18:12.424: ISAKMP:(2055):deleting node 767481015 error FALSE reason "IKE deleted"
Apr 8 09:18:12.424: ISAKMP:(2055):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:18:12.424: ISAKMP:(2055):Old State = IKE_DEST_SA New State = IKE_DEST_SA

Apr 8 09:18:13.928: ISAKMP (2056): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:18:13.928: ISAKMP:(2056): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:18:13.928: ISAKMP:(2056): retransmitting due to retransmit phase 1
Apr 8 09:18:14.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:14.428: ISAKMP (2056): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Apr 8 09:18:14.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE
Apr 8 09:18:14.428: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:14.428: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:19.528: IPSEC:(SESSION ID = 241) (key_engine) request timer fired: count = 2,
(identity) local= 192.168.1.2:0, remote= PEER IP :0,
local_proxy= 10.210.253.150/255.255.255.255/47/0,
remote_proxy= 10.210.253.151/255.255.255.255/47/0
Apr 8 09:18:19.532: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 192.168.1.2:500, remote= PEER IP :500,
local_proxy= 10.210.253.150/255.255.255.255/47/0,
remote_proxy= 10.210.253.151/255.255.255.255/47/0,
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Apr 8 09:18:19.532: ISAKMP: set new node 0 to QM_IDLE
Apr 8 09:18:19.532: SA has outstanding requests (local 2.208.117.92 port 4500, remote 2.208.117.120 port 4500)
Apr 8 09:18:19.532: ISAKMP:(2056): sitting IDLE. Starting QM immediately (QM_IDLE )
Apr 8 09:18:19.532: ISAKMP:(2056):beginning Quick Mode exchange, M-ID of 33280888
Apr 8 09:18:19.532: ISAKMP:(2056):QM Initiator gets spi
Apr 8 09:18:19.532: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:19.532: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:19.532: ISAKMP:(2056):Node 33280888, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Apr 8 09:18:19.532: ISAKMP:(2056):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
Apr 8 09:18:21.928: ISAKMP (2056): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:18:21.928: ISAKMP:(2056): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:18:21.928: ISAKMP:(2056): retransmitting due to retransmit phase 1
Apr 8 09:18:22.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:22.428: ISAKMP (2056): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
Apr 8 09:18:22.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE
Apr 8 09:18:22.428: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:22.428: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:22.432: ISAKMP:(2054):purging node -275970509
Apr 8 09:18:29.532: ISAKMP:(2056): retransmitting phase 2 QM_IDLE 33280888 ...
Apr 8 09:18:29.532: ISAKMP (2056): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Apr 8 09:18:29.532: ISAKMP:(2056): retransmitting phase 2 33280888 QM_IDLE
Apr 8 09:18:29.532: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:29.532: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:29.928: ISAKMP (2056): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:18:29.928: ISAKMP: set new node -595875201 to QM_IDLE
Apr 8 09:18:29.928: ISAKMP: reserved not zero on HASH payload!
Apr 8 09:18:29.928: CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from PEER IP failed its sanity check or is malformed
Apr 8 09:18:29.928: ISAKMP:(2056):deleting node -595875201 error TRUE reason "Invalid payload"
Apr 8 09:18:32.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:32.428: ISAKMP (2056): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Apr 8 09:18:32.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE
Apr 8 09:18:32.428: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:32.428: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:32.432: ISAKMP:(2054):purging SA., sa=E136364, delme=E136364
Apr 8 09:18:37.856: ISAKMP (0): received packet from PEER IP dport 500 sport 500 Global (N) NEW SA
Apr 8 09:18:37.856: ISAKMP: Created a peer struct for PEER IP , peer port 500
Apr 8 09:18:37.856: ISAKMP: New peer created peer = 0x2AF959C peer_handle = 0x800006CE
Apr 8 09:18:37.856: ISAKMP: Locking peer struct 0x2AF959C, refcount 1 for crypto_isakmp_process_block
Apr 8 09:18:37.856: ISAKMP: local port 500, remote port 500
Apr 8 09:18:37.856: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 2D0D468
Apr 8 09:18:37.856: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:18:37.856: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1

Apr 8 09:18:37.856: ISAKMP:(0): processing SA payload. message ID = 0
Apr 8 09:18:37.856: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.856: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID is NAT-T v2
Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID is NAT-T v3
Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Apr 8 09:18:37.860: ISAKMP (0): vendor ID is NAT-T RFC 3947
Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): processing IKE frag vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0):Support for IKE Fragmentation not enabled
Apr 8 09:18:37.860: ISAKMP:(0):found peer pre-shared key matching PEER IP
Apr 8 09:18:37.860: ISAKMP:(0): local preshared key found
Apr 8 09:18:37.860: ISAKMP : Scanning profiles for xauth ...
Apr 8 09:18:37.860: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
Apr 8 09:18:37.860: ISAKMP: default group 5
Apr 8 09:18:37.860: ISAKMP: encryption AES-CBC
Apr 8 09:18:37.860: ISAKMP: keylength of 256
Apr 8 09:18:37.860: ISAKMP: hash SHA
Apr 8 09:18:37.860: ISAKMP: auth pre-share
Apr 8 09:18:37.860: ISAKMP: life type in seconds
Apr 8 09:18:37.860: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Apr 8 09:18:37.860: ISAKMP:(0):Encryption algorithm offered does not match policy!
Apr 8 09:18:37.860: ISAKMP:(0):atts are not acceptable. Next payload is 3
Apr 8 09:18:37.860: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
Apr 8 09:18:37.860: ISAKMP: default group 2
Apr 8 09:18:37.860: ISAKMP: encryption 3DES-CBC
Apr 8 09:18:37.860: ISAKMP: hash SHA
Apr 8 09:18:37.860: ISAKMP: auth pre-share
Apr 8 09:18:37.860: ISAKMP: life type in seconds
Apr 8 09:18:37.860: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Apr 8 09:18:37.860: ISAKMP:(0):atts are acceptable. Next payload is 3
Apr 8 09:18:37.860: ISAKMP:(0):Acceptable atts:actual life: 86400
Apr 8 09:18:37.860: ISAKMP:(0):Acceptable atts:life: 0
Apr 8 09:18:37.860: ISAKMP:(0):Fill atts in sa vpi_length:4
Apr 8 09:18:37.860: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Apr 8 09:18:37.860: ISAKMP:(0):Returning Actual lifetime: 86400
Apr 8 09:18:37.860: ISAKMP:(0)::Started lifetime timer: 86400.

Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID is NAT-T v2
Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID is NAT-T v3
Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Apr 8 09:18:37.860: ISAKMP (0): vendor ID is NAT-T RFC 3947
Apr 8 09:18:37.860: ISAKMP:(0): processing vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0): processing IKE frag vendor id payload
Apr 8 09:18:37.860: ISAKMP:(0):Support for IKE Fragmentation not enabled
Apr 8 09:18:37.860: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 8 09:18:37.860: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1

Apr 8 09:18:37.860: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Apr 8 09:18:37.860: ISAKMP:(0): sending packet to PEER IP my_port 500 peer_port 500 (R) MM_SA_SETUP
Apr 8 09:18:37.860: ISAKMP:(0):Sending an IKE IPv4 Packet.
Apr 8 09:18:37.860: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 8 09:18:37.860: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM2

Apr 8 09:18:37.896: ISAKMP (0): received packet from PEER IP dport 500 sport 500 Global (R) MM_SA_SETUP
Apr 8 09:18:37.896: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:18:37.896: ISAKMP:(0):Old State = IKE_R_MM2 New State = IKE_R_MM3

Apr 8 09:18:37.896: ISAKMP:(0): processing KE payload. message ID = 0
Apr 8 09:18:37.900: ISAKMP:(0): processing NONCE payload. message ID = 0
Apr 8 09:18:37.900: ISAKMP:(0):found peer pre-shared key matching PEER IP
Apr 8 09:18:37.900: ISAKMP:(2057): processing vendor id payload
Apr 8 09:18:37.900: ISAKMP:(2057): vendor ID is Unity
Apr 8 09:18:37.900: ISAKMP:(2057): processing vendor id payload
Apr 8 09:18:37.900: ISAKMP:(2057): vendor ID seems Unity/DPD but major 24 mismatch
Apr 8 09:18:37.900: ISAKMP:(2057): vendor ID is XAUTH
Apr 8 09:18:37.900: ISAKMP:(2057): processing vendor id payload
Apr 8 09:18:37.900: ISAKMP:(2057): speaking to another IOS box!
Apr 8 09:18:37.900: ISAKMP:(2057): processing vendor id payload
Apr 8 09:18:37.900: ISAKMP:(2057):vendor ID seems Unity/DPD but hash mismatch
Apr 8 09:18:37.900: ISAKMP:received payload type 20
Apr 8 09:18:37.900: ISAKMP (2057): NAT found, both nodes inside NAT
Apr 8 09:18:37.900: ISAKMP:received payload type 20
Apr 8 09:18:37.900: ISAKMP (2057): My hash no match - this node inside NAT
Apr 8 09:18:37.900: ISAKMP:(2057):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 8 09:18:37.900: ISAKMP:(2057):Old State = IKE_R_MM3 New State = IKE_R_MM3

Apr 8 09:18:37.900: ISAKMP:(2057): sending packet to PEER IP my_port 500 peer_port 500 (R) MM_KEY_EXCH
Apr 8 09:18:37.900: ISAKMP:(2057):Sending an IKE IPv4 Packet.
Apr 8 09:18:37.900: ISAKMP:(2057):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 8 09:18:37.900: ISAKMP:(2057):Old State = IKE_R_MM3 New State = IKE_R_MM4

Apr 8 09:18:37.936: ISAKMP (2057): received packet from PEER IP dport 4500 sport 4500 Global (R) MM_KEY_EXCH
Apr 8 09:18:37.936: ISAKMP:(2057):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Apr 8 09:18:37.936: ISAKMP:(2057):Old State = IKE_R_MM4 New State = IKE_R_MM5

Apr 8 09:18:37.936: ISAKMP:(2057): processing ID payload. message ID = 0
Apr 8 09:18:37.936: ISAKMP (2057): ID payload
next-payload : 8
type : 1
address : PEER IP
protocol : 17
port : 0
length : 12
Apr 8 09:18:37.936: ISAKMP:(0):: peer matches *none* of the profiles
Apr 8 09:18:37.936: ISAKMP:(2057): processing HASH payload. message ID = 0
Apr 8 09:18:37.936: ISAKMP:received payload type 17
Apr 8 09:18:37.936: ISAKMP:(2057): processing vendor id payload
Apr 8 09:18:37.936: ISAKMP:(2057): vendor ID is DPD
Apr 8 09:18:37.936: ISAKMP:(2057):SA authentication status:
authenticated
Apr 8 09:18:37.936: ISAKMP:(2057):SA has been authenticated with PEER IP
Apr 8 09:18:37.936: ISAKMP:(2057):Detected port floating to port = 4500
Apr 8 09:18:37.936: ISAKMP: Trying to insert a peer 192.168.1.2/ PEER IP /4500/, and found existing one 34835BC to reuse, free 2AF959C
Apr 8 09:18:37.936: ISAKMP: Unlocking peer struct 0x2AF959C Reuse existing peer, count 0
Apr 8 09:18:37.936: ISAKMP: Deleting peer node by peer_reap for PEER IP : 2AF959C
Apr 8 09:18:37.936: ISAKMP: Locking peer struct 0x34835BC, refcount 2 for Reuse existing peer
Apr 8 09:18:37.936: ISAKMP:(2057):Setting UDP ENC peer struct 0x0 sa= 0x2D0D468
Apr 8 09:18:37.940: ISAKMP:(2057):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Apr 8 09:18:37.940: ISAKMP:(2057):Old State = IKE_R_MM5 New State = IKE_R_MM5

Apr 8 09:18:37.940: ISAKMP:(2057):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Apr 8 09:18:37.940: ISAKMP (2057): ID payload
next-payload : 8
type : 1
address : 192.168.1.2
protocol : 17
port : 0
length : 12
Apr 8 09:18:37.940: ISAKMP:(2057):Total payload length: 12
Apr 8 09:18:37.940: ISAKMP:(2057):Returning Actual lifetime: 86400
Apr 8 09:18:37.940: ISAKMP:(2057): sending packet to PEER IP my_port 4500 peer_port 4500 (R) MM_KEY_EXCH
Apr 8 09:18:37.940: ISAKMP:(2057):Sending an IKE IPv4 Packet.
Apr 8 09:18:37.940: ISAKMP:(2057):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Apr 8 09:18:37.940: ISAKMP:(2057):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE

Apr 8 09:18:37.940: ISAKMP:(2057):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Apr 8 09:18:37.940: ISAKMP:(2057):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Apr 8 09:18:38.652: No peer struct to get peer description
Apr 8 09:18:39.532: ISAKMP:(2056): retransmitting phase 2 QM_IDLE 33280888 ...
Apr 8 09:18:39.532: ISAKMP (2056): incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Apr 8 09:18:39.532: ISAKMP:(2056): retransmitting phase 2 33280888 QM_IDLE
Apr 8 09:18:39.532: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:39.532: ISAKMP:(2056):Sending an IKE IPv4 Packet.
Apr 8 09:18:39.924: ISAKMP:(2055):purging node 1978261464
Apr 8 09:18:42.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:42.428: ISAKMP (2056): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Apr 8 09:18:42.428: ISAKMP:(2056): retransmitting phase 1 QM_IDLE
Apr 8 09:18:42.428: ISAKMP:(2056): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE
Apr 8 09:18:42.428: ISAKMP:(2056):Sending an IKE IPv4 Packet.
ROUTER
ROUTER
ROUTER un
Apr 8 09:18:45.936: ISAKMP (2057): received packet from PEER IP dport 4500 sport 4500 Global (R) QM_IDLE
Apr 8 09:18:45.936: ISAKMP:(2057): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:18:45.936: ISAKMP:(2057): retransmitting due to retransmit phase 1
Apr 8 09:18:46.436: ISAKMP:(2057): retransmitting phase 1 QM_IDLE ...
Apr 8 09:18:46.436: ISAKMP (2057): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Apr 8 09:18:46.436: ISAKMP:(2057): retransmitting phase 1 QM_IDLE
Apr 8 09:18:46.436: ISAKMP:(2057): sending packet to PEER IP my_port 4500 peer_port 4500 (R) QM_IDLE all
All possible debugging has been turned off
ROUTER
Apr 8 09:18:46.436: ISAKMP:(2057):Sending an IKE IPv4 Packet.
ROUTER
ROUTER

-----------------------------------------------------------------------------------------------

Please check and advise what the issue is and what we are missing.

Please let me know if any further details are required.

Thanks,

Nagasheshu.
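
A small triage helper for debug output like the above, added here as an example and not part of the original post: it groups lines by ISAKMP SA id and reports the last state, the highest retransmit attempt per phase, and whether phase 1 retransmits continued after IKE_P1_COMPLETE. The function name `summarize` and the summary field names are assumptions made for this example; the sample lines are excerpted from the post's own output.

```python
import re
from collections import defaultdict

# Excerpted from the debug output above; the "PEER IP" redaction is the poster's.
SAMPLE = """\
Apr 8 09:18:37.900: ISAKMP:(2057):Old State = IKE_R_MM3 New State = IKE_R_MM4
Apr 8 09:18:37.940: ISAKMP:(2057):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
Apr 8 09:18:39.532: ISAKMP (2056): incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Apr 8 09:18:42.428: ISAKMP (2056): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Apr 8 09:18:45.936: ISAKMP:(2057): phase 1 packet is a duplicate of a previous packet.
Apr 8 09:18:46.436: ISAKMP (2057): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
"""

# The output uses both "ISAKMP:(id):" and "ISAKMP (id):" prefixes.
SA_LINE = re.compile(r"ISAKMP\s*:?\s*\((\d+)\):+\s*(.*)")
STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
RETX = re.compile(r"error counter on (?:sa|node), attempt (\d+) of (\d+): retransmit phase (\d)")


def summarize(log):
    """Return {sa_id: summary} built from ISAKMP debug lines (hypothetical helper)."""
    sas = defaultdict(lambda: {"last_state": None, "p1_complete": False,
                               "retx": {}, "exhausted": False,
                               "retx_after_p1": False, "peer_duplicates": 0})
    for line in log.splitlines():
        m = SA_LINE.search(line)
        # Lines tagged (0) in this output precede the numbered SA id; skip them.
        if not m or m.group(1) == "0":
            continue
        sa, text = sas[int(m.group(1))], m.group(2)
        if (s := STATE.search(text)):
            sa["last_state"] = s.group(2)
            sa["p1_complete"] |= s.group(2) == "IKE_P1_COMPLETE"
        elif (r := RETX.search(text)):
            attempt, limit, phase = map(int, r.groups())
            sa["retx"][phase] = max(attempt, sa["retx"].get(phase, 0))
            sa["exhausted"] |= attempt >= limit          # e.g. "attempt 5 of 5"
            sa["retx_after_p1"] |= phase == 1 and sa["p1_complete"]
        elif "duplicate of a previous packet" in text:
            sa["peer_duplicates"] += 1                   # peer resent a phase 1 packet
    return dict(sas)


if __name__ == "__main__":
    for sa_id, info in sorted(summarize(SAMPLE).items()):
        print(sa_id, info)
```

Run over the full capture from both peers, the same summary shows which SA ids exhaust their retransmit budget and which keep retransmitting phase 1 after reporting completion, which narrows where to compare the two sides' logs.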

8 Replies

Tagir Temirgaliyev
Spotlight

try

clea cryp ips sa

clea cryp isa sa

from both sides

Hi Tagir,

Thanks for replying back.

Cleared from both sites.

No luck.

Thanks,

Nagasheshu.

@nagasheshu2010 Hello Nagesh,

I have the same issue. Did you find any solution?

Make a new post for your issue.

This is such an old post that maybe nobody will answer you.

Sure Sir. Will do.

Tagir,

We can get the tunnel up if we reboot the router without any changes.

What I am trying to understand is why it goes down suddenly and does not come up until the router is rebooted, even though no one makes any changes at either end.

Regards,

Nagasheshu

nagasheshu2010
Level 1

Hi All,

Please advise me on this.

Thanks in advance,

Nagasheshu.

Hi Nagasheshu, have you fixed this? I'm having the same problem and I'm lost!

Regards


@nagasheshu2010 wrote:

Hi All,

Please advise me on this.

Thanks in advance,

Nagasheshu.


 
