Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2354
Views
0
Helpful
0
Comments

The user receives the ISAKMP (0:xxx): deleting SA reason gen_ipsec_isakmp_delete but doi isakmp state (I) MM_KEY_EXCH (peer x.x.x.x) input queue 0 message

TCC_2
Level 10
Level 10

on ‎06-22-2009 04:13 PM

Core issue

The output of the show crypto isa sa command shows the MM_KEY_EXCH status.

Resolution

Make sure the preshared key is correctly configured. To reset the preshared key, issue this command:  

isakmp key ******** address 172.16.172.34 255.255.255.255 no-xauth no-config-mode

Note: The pre-shared key is designated by asterisks (***).

If the keys do not match, issue this command to remove the line:

no isakmp key ******** address 172.16.172.34 255.255.255.255 no-xauth no-config-mode

Re-issue the command with the correct pre-shared key.

The IP address mentioned for preshared key is the appropriate address of the opposite end.

For further troubleshooting, capture VPN debugs from both ends, and look for a more specific error message.

For an explanation of common debug error messages used in troubleshooting IPSec issues, refer to IP Security Troubleshooting - Understanding and Using debug Commands.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents