06-28-2010 06:55 AM - edited 03-04-2019 08:54 AM
Hi,
Recently I started getting the following error. After rebooting the router, all works OK for some time and then it is back to the problem.
VC_RTR#
*Jun 27 08:57:51.717: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
connection id=1059, sequence number=58152
VC_RTR#
*Jun 27 08:57:52.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:57:52.325: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Jun 27 08:57:52.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:57:52.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:57:52.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
VC_RTR#
*Jun 27 08:58:02.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:02.325: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Jun 27 08:58:02.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:02.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:02.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
VC_RTR#
*Jun 27 08:58:12.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:12.325: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
*Jun 27 08:58:12.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:12.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:12.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Jun 27 08:58:12.709: ISAKMP: set new node 0 to QM_IDLE
*Jun 27 08:58:12.709: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local 77.89.11.2, remote 68.8.56.2)
VC_RTR#
*Jun 27 08:58:12.709: ISAKMP: Error while processing SA request: Failed to initialize SA
*Jun 27 08:58:12.709: ISAKMP: Error while processing KMI message 0, error 2.
VC_RTR#
*Jun 27 08:58:22.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:22.325: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
*Jun 27 08:58:22.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:22.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:22.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
VC_RTR#
*Jun 27 08:58:31.825: ISAKMP:(0):purging node 1113748185
*Jun 27 08:58:31.825: ISAKMP:(0):purging node 491812622
*Jun 27 08:58:32.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
*Jun 27 08:58:32.325: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
*Jun 27 08:58:32.325: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
*Jun 27 08:58:32.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:32.325: ISAKMP:(0):Sending an IKE IPv4 Packet.
06-28-2010 08:43 AM
Saquib
The debug output shows that you are transmitting ISAKMP but are not receiving any ISAKMP response. Can you verify that you have connectivity to the peer at 68.8.56.2?
Can you verify that the peer at 68.8.56.2 is receiving your ISAKMP attempts to negotiate? Does the peer believe that it is sending to you?
It is a possibility that there is some issue on the other device or it may be that there is some problem in between that is disrupting the ISAKMP negotiations.
HTH
Rick
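Added example, not part of the original thread and not Cisco code: a small parser that applies the check described in the reply above to saved "debug crypto isakmp" output, listing peers that were sent ISAKMP packets but never answered. The "received packet from" line shape and the peer 192.0.2.10 are assumptions made for contrast; the other sample lines are copied from the first post.

```python
import re
from collections import defaultdict

# Line shapes from "debug crypto isakmp". SENT and ATTEMPT match the lines in
# the post; the RECV shape is an assumption, since the post shows no reply.
SENT = re.compile(r"ISAKMP:?\s*\(\d+\):\s*sending packet to (\S+) my_port")
RECV = re.compile(r"ISAKMP:?\s*\(\d+\):\s*received packet from (\S+) dport")
ATTEMPT = re.compile(r"attempt (\d+) of \d+: retransmit phase 1")

def summarize(lines):
    """Return {peer: {"sent": n, "received": n, "max_attempt": n}}."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "max_attempt": 0})
    pending = 0  # the attempt line has no peer IP, so bind it to the next send
    for line in lines:
        if m := ATTEMPT.search(line):
            pending = int(m.group(1))
        elif m := SENT.search(line):
            peer = stats[m.group(1)]
            peer["sent"] += 1
            peer["max_attempt"] = max(peer["max_attempt"], pending)
            pending = 0
        elif m := RECV.search(line):
            stats[m.group(1)]["received"] += 1
    return dict(stats)

def silent_peers(lines):
    """Peers that were sent ISAKMP packets but never answered."""
    return sorted(p for p, s in summarize(lines).items()
                  if s["sent"] and not s["received"])

# First six lines are copied from the debug output in the post; the last two
# (peer 192.0.2.10, a documentation address) are constructed for contrast.
SAMPLE = """\
*Jun 27 08:57:52.325: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Jun 27 08:57:52.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:02.325: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Jun 27 08:58:02.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:58:12.325: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
*Jun 27 08:58:12.325: ISAKMP:(0): sending packet to 68.8.56.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:59:00.000: ISAKMP:(0): sending packet to 192.0.2.10 my_port 500 peer_port 500 (I) MM_NO_STATE
*Jun 27 08:59:00.100: ISAKMP (0): received packet from 192.0.2.10 dport 500 sport 500 Global (I) MM_NO_STATE
""".splitlines()

if __name__ == "__main__":
    for peer in silent_peers(SAMPLE):
        print(f"{peer}: ISAKMP sent, nothing received -> check the path and the peer")
```

A peer that shows up here with a rising max_attempt is the case described in the reply: packets leave on UDP 500 and nothing comes back, so the next checks are reachability and what the remote side sees.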
06-28-2010 07:04 AM
Hi
Can you post more info about your setup where you are getting this error message?
Have you changed something recently with respect to the ISP connection or configuration or hardware?
Also, since when are you getting this error (from the beginning of this connection or after any changes in the network)?
Do provide more info on the connectivity which you are using for this VPN connectivity.
Regards
06-28-2010 11:27 AM
Hi Rick,
IPSEC traffic was having an issue with one service provider; moving to another service provider resolved the issue.
It's not easy to analyze an issue when all was well and no changes were done. (( OR )) there are some simple troubleshooting tips for IPSEC
:-) Thanks Rick
Regards
ST