Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
0
Helpful
3
Replies

Site to Site IPSec VPN unable to establish tunnel, below is the debug

mahendarec@123
Level 1
Level 1

‎02-22-2022 09:53 AM

Site to Site IPSec VPN unable to establish tunnel, below is the debug report.

 

Steps as of now i done.

cleared crypto

reconfigured

 

047900: *Feb 22 20:55:06.351 PCTime: IPSEC:(SESSION ID = 2) (key_engine) request timer fired: count = 2,
(identity) local= 192.168.18.21:0, remote= 40.65.189.27:0,
local_proxy= 10.152.10.0/255.255.255.0/256/0,
remote_proxy= 10.7.125.64/255.255.255.192/256/0
047901: *Feb 22 20:55:09.199 PCTime: IPSEC:(SESSION ID = 24370) still in use sa: 0x23DC8DD4
047902: *Feb 22 20:55:09.203 PCTime: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
047903: *Feb 22 20:55:11.651 PCTime: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 192.168.18.21:500, remote= 40.65.189.27:500,
local_proxy= 10.152.10.0/255.255.255.0/256/0,
remote_proxy= 10.7.125.64/255.255.255.192/256/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Tunnel),
lifedur= 28800s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
047904: *Feb 22 20:55:41.651 PCTime: IPSEC:(SESSION ID = 2) (key_engine) request timer fired: count = 1,
(identity) local= 192.168.18.21:0, remote= 40.65.189.27:0,
local_proxy= 10.152.10.0/255.255.255.0/256/0,
remote_proxy= 10.7.125.64/255.255.255.192/256/0
047905: *Feb 22 20:55:41.651 PCTime: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 192.168.18.21:500, remote= 40.65.189.27:500,
local_proxy= 10.152.10.0/255.255.255.0/256/0,
remote_proxy= 10.7.125.64/255.255.255.192/256/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Tunnel),
lifedur= 28800s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0

Labels:
0 Helpful
3 Replies 3

mahendarec@123
Level 1
Level 1

‎02-22-2022 09:54 AM

Also cisco2911 router how to configure the NAT-traversal.Please help me with config steps.

0 Helpful

Georg Pauwen
VIP
VIP

‎02-22-2022 10:23 AM

Hello,

 

post the full running configurations of both VPN tunnel ends...

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-22-2022 10:24 AM

what is this device ? what code running, how about other side ?

 

Do you have config to look ?

 

run both the debug :

 

debug crypto isakmp 120

debug crypto ipsec 120

 

some example :

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/119425-configure-ipsec-00.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card