cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17009
Views
0
Helpful
4
Replies

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at

jopetik09
Level 1
Level 1

Hi All,

I am getting the following log though the site to site vpn tunnel between two peers is still up and running fine without any complaints.

Also I checked the interesting traffic (ACL) config and it is same at both ends.

Jun 11 16:10:22 utc: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 209.171.xxx.xx 

Jun 11 16:11:22 utc: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 209.171.xxx.xx 

Jun 11 16:12:22 utc: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 209.171.xxx.xx

#sh cry ipse sa peer 209.171.xxx.xx

interface: GigabitEthernet0/1
    Crypto map tag: VPNMAP, local addr. 65.55.xxx.xx

   protected vrf:
   local  ident (addr/mask/prot/port): (65.55.xxx.xxx/255.255.255.255/6/0)
   remote ident (addr/mask/prot/port): (208.38.xxx.xxx/255.255.255.255/6/5812)
   current_peer: 209.171.xxx.xx:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 8561, #pkts encrypt: 8561, #pkts digest 8561
    #pkts decaps: 4291, #pkts decrypt: 4291, #pkts verify 4291
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 2, #recv errors 0

     local crypto endpt.: 65.55.xxx.xx, remote crypto endpt.: 209.171.xxx.xx
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
     current outbound spi: 0

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

   protected vrf:
   local  ident (addr/mask/prot/port): (65.55.xxx.xxx/255.255.255.255/6/0)
   remote ident (addr/mask/prot/port): (208.38.xxx.xxx/255.255.255.255/6/5812)
   current_peer: 209.171.xxx.xx:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 3424641, #pkts encrypt: 3424641, #pkts digest 3424641
    #pkts decaps: 3760696, #pkts decrypt: 3760696, #pkts verify 3760696
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 3, #recv errors 0

     local crypto endpt.: 65.55.xxx.xx, remote crypto endpt.: 209.171.xxx.xx
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
     current outbound spi: 57140C90

     inbound esp sas:
      spi: 0x96137A67(2517858919)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 8127, flow_id: 1039, crypto map: VPNMAP
        sa timing: remaining key lifetime (k/sec): (4513759/2293)
        IV size: 8 bytes
        replay detection support: Y

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x57140C90(1460931728)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 8128, flow_id: 1040, crypto map: VPNMAP
        sa timing: remaining key lifetime (k/sec): (4513740/2293)
        IV size: 8 bytes
        replay detection support: Y

     outbound ah sas:

     outbound pcp sas:

   protected vrf:
   local  ident (addr/mask/prot/port): (65.55.xxx.xxx/255.255.255.255/6/0)
   remote ident (addr/mask/prot/port): (208.38.xxx.xxx/255.255.255.255/6/5812)
   current_peer: 209.171.xxx.xx:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 117, #pkts encrypt: 117, #pkts digest 117
    #pkts decaps: 115, #pkts decrypt: 115, #pkts verify 115
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 3, #recv errors 0

     local crypto endpt.: 65.55.xxx.xx, remote crypto endpt.: 209.171.xxx.xx
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
     current outbound spi: 0

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

Can someone please suggest me what to do to stop these logs.

Jopeti.

4 Replies 4

John Blakley