Death by retransmission P1 error

ALIAOF_ · ‎02-03-2011

I am having issues bringing up a tunnel between a cisco 861 router and Cisco 2851 router. Tunnel has been dropping every week atleast once or twice. Usually router reboot fixes it but today it is just not coming back up.

I have updated the IOS on the remote, reloaded the config still no use. It seems like it is partially coming up but I see the following two messages on the main router:

1- Death by retransmission P1

2- 11:03:03.789: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 12.234.109.169 was not encrypted and it should've been

I have checked the config on both routers it is the same as the VPN was up and we didn't make any changes on either of the two routers.

Federico Coto Fajardo · ‎02-03-2011

Hi,

I've seen this error %CRYPTO-6-IKMP_NOT_ENCRYPTED when the interesting traffic does not match on both ends.

The router is receiving a packet that should have been encrypted (according to its own policies), but was received unencrypted by the peer.

A mismatch on interesting traffic might still allow the tunnel to work, but as well might cause some problems, you might want to check the ACLs on both ends to make sure is a mirror.

Federico.

ALIAOF_ · ‎02-23-2011

Yes ACL's on both sides match they only have 3 lines in there and they exactly match.

Federico Coto Fajardo · ‎02-23-2011

That's weird because the router is reporting otherwise.

Could you share your configurations?

Federico.

ALIAOF_ · ‎02-23-2011

I know, but if I reboot the router at the remote end it will come back up. I'll see if I can post the configurations here.