cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
26222
Views
5
Helpful
6
Replies

[VPN Tunnels] - Error IKMP

Vivien FRANCOIS
Level 1
Level 1

Hi,

We receive the following error on a spoke router trying to set up a VPN Tunnel :

006333: Jan 28 09:14:56.912: %CRYPTO-5-IKMP_SETUP_FAILURE: IKE SETUP FAILED for local:<Spoke Public IP Address> local_id:<Spoke Public IP Address> remote:<HUB Public IP Address> remote_id:<HUB Public IP Address> IKE profile:None fvrf:None fail_reason:Peer lost fail_class_cnt:1

Router model is a Cisco 891 and IOS is c890-universalk9-mz.151-4.M3.bin

Port Gig0, which receives the Spoke Public IP Address is set up as DHCP.

Have you ever seen the error pasted above ? I've tried to lookup on the Internet but haven't found any relevant help.

Thank you.

Vivien F.

1 Accepted Solution

Accepted Solutions

Vivien F.

I am glad that it is working and that my first understanding of the message was correct. Sometimes it is difficult to really understand what these error messages are trying to tell us.

Thank you for posting back to the thread and giving an updated status. Perhaps at this point it would be appropriate to mark the question as resolved?

HTH

Rick

HTH

Rick

View solution in original post

6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

Vivien F.

I have not seen that particular message. But in looking at the message it seems to suggest that it lost the remote peer. Can you verify the configuration of the remote peer. And can you verify that the remote peer is reachable from this router? (frequently a ping to the peer is a good first step in testing)

HTH

Rick

HTH

Rick

Hi Richard,

We have a sla tracking the reachability for the remote peer and it is indeed reachable, no loss are detected. We have several VPN tunnels coming up on the same peer withoutout any issue. Only one spoke router sends that error message and the tunnel does not come up.

Thanks.

Vivien F.

Vivien F.

If the remote peer is reachable then there must be some other issue. My first suggestion would be to review the ISAKMP parameters in the configuration. Perhaps there is something missing or perhaps something configured that does not match the configuration of the hub. My second suggestion is that running debug crypto isakmp might help to identify the issue.

HTH

Rick

HTH

Rick

Vivien FRANCOIS
Level 1
Level 1

Well, thanks for your help. It seems that it was indeed just an error message to show that the peer has been lost.

That's the first time I see that error message, that's what got me confused.

Vivien F.

I am glad that it is working and that my first understanding of the message was correct. Sometimes it is difficult to really understand what these error messages are trying to tell us.

Thank you for posting back to the thread and giving an updated status. Perhaps at this point it would be appropriate to mark the question as resolved?

HTH

Rick

HTH

Rick

Vivien FRANCOIS
Level 1
Level 1

Indeed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: