cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
830
Views
0
Helpful
1
Replies

VPN Tunnel won't connect

Dale Claxton
Level 1
Level 1

     Tunnel between Cisco 3945 and Juniper SRX will no longer connect.  Below is the debug i am getting.

249545: *Oct 28 16:22:22.980: ISAKMP:(16705):deleting node 72113297 error FALSE reason "Informational (in) state 1"

249546: *Oct 28 16:22:23.152: ISAKMP:(0): SA request profile is Bowman

249547: *Oct 28 16:22:23.152: ISAKMP: Created a peer struct for 111.111.111.111, peer port 500

249548: *Oct 28 16:22:23.152: ISAKMP: New peer created peer = 0x13A996FC peer_handle = 0x80039860

249549: *Oct 28 16:22:23.152: ISAKMP: Locking peer struct 0x13A996FC, refcount 1 for ike_initiate_sa_for_inv_spi_recovery

249550: *Oct 28 16:22:23.152: ISAKMP: local port 500, remote port 500

249551: *Oct 28 16:22:23.152: ISAKMP:(0):Found ADDRESS key in keyring Bowman

249552: *Oct 28 16:22:23.152: ISAKMP:(0): Unknown DOI 0

249553: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

249554: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-07 ID

249555: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-03 ID

249556: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-02 ID

249557: *Oct 28 16:22:23.152: ISAKMP : beginning Main Mode exchange for INV SPI RECOV

249558: *Oct 28 16:22:23.152: ISAKMP:(0): sending packet to 111.111.111.111 my_port 500 peer_port 500 (I) MM_NO_STATE

249559: *Oct 28 16:22:23.152: ISAKMP:(0):Sending an IKE IPv4 Packet.

249560: *Oct 28 16:22:23.152: ISAKMP: Unlocking peer struct 0x13A996FC for isadb_unlock_peer_delete_sa(), count 0

249561: *Oct 28 16:22:23.152: ISAKMP: Deleting peer node by peer_reap for 111.111.111.111: 13A996FC

249562: *Oct 28 16:22:23.152: ISAKMP:(0):purging SA., sa=0, delme=174DA964

249563: *Oct 28 16:22:23.772: ISAKMP:(16629):purging node 1417810068

249564: *Oct 28 16:22:24.244: ISAKMP:(16702):purging node 285740517

             

249545: *Oct 28 16:22:22.980: ISAKMP:(16705):deleting node 72113297 error FALSE reason "Informational (in) state 1"
249546: *Oct 28 16:22:23.152: ISAKMP:(0): SA request profile is Bowman
249547: *Oct 28 16:22:23.152: ISAKMP: Created a peer struct for 111.111.111.111, peer port 500
249548: *Oct 28 16:22:23.152: ISAKMP: New peer created peer = 0x13A996FC peer_handle = 0x80039860
249549: *Oct 28 16:22:23.152: ISAKMP: Locking peer struct 0x13A996FC, refcount 1 for ike_initiate_sa_for_inv_spi_recovery
249550: *Oct 28 16:22:23.152: ISAKMP: local port 500, remote port 500
249551: *Oct 28 16:22:23.152: ISAKMP:(0):Found ADDRESS key in keyring Bowman
249552: *Oct 28 16:22:23.152: ISAKMP:(0): Unknown DOI 0
249553: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
249554: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-07 ID
249555: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-03 ID
249556: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-02 ID
249557: *Oct 28 16:22:23.152: ISAKMP : beginning Main Mode exchange for INV SPI RECOV
249558: *Oct 28 16:22:23.152: ISAKMP:(0): sending packet to 111.111.111.111 my_port 500 peer_port 500 (I) MM_NO_STATE
249559: *Oct 28 16:22:23.152: ISAKMP:(0):Sending an IKE IPv4 Packet.
249560: *Oct 28 16:22:23.152: ISAKMP: Unlocking peer struct 0x13A996FC for isadb_unlock_peer_delete_sa(), count 0
249561: *Oct 28 16:22:23.152: ISAKMP: Deleting peer node by peer_reap for 111.111.111.111: 13A996FC
249562: *Oct 28 16:22:23.152: ISAKMP:(0):purging SA., sa=0, delme=174DA964
249563: *Oct 28 16:22:23.772: ISAKMP:(16629):purging node 1417810068
249564: *Oct 28 16:22:24.244: ISAKMP:(16702):purging node 285740517

1 Reply 1

ErickBCCNA
Level 1
Level 1

MM_NO_STATE is usually an indication that the ISAKMP policies do not match on both ends.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: