ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

The user receives the ISAKMP (0:xxx): deleting SA reason gen_ipsec_isakmp_delete but doi isakmp state (I) MM_KEY_EXCH (peer x.x.x.x) input queue 0 message

2148
Views
0
Helpful
0
Comments

Core issue

The output of the show crypto isa sa command shows the MM_KEY_EXCH status.

Resolution

Make sure the preshared key is correctly configured. To reset the preshared key, issue this command: 

isakmp key ******** address 172.16.172.34 255.255.255.255 no-xauth no-config-mode

Note: The pre-shared key is designated by asterisks (***).

If the keys do not match, issue this command to remove the line:

no isakmp key ******** address 172.16.172.34 255.255.255.255 no-xauth no-config-mode

Re-issue the command with the correct pre-shared key.

The IP address mentioned for preshared key is the appropriate address of the opposite end.

For further troubleshooting, capture VPN debugs from both ends, and look for a more specific error message.

For an explanation of common debug error messages used in troubleshooting IPSec issues, refer to IP Security Troubleshooting - Understanding and Using debug Commands.