
Why is IPSec working for only one day?

MrBeginner
Spotlight

Hi all,

I would like to ask about a GRE over IPsec tunnel. I have an issue where IPsec works for only one day. It is so strange to me.

If I create a new tunnel and both sides initiate to each other, it works properly. But the next day (around 15 hours), the tunnel is down and never comes up. It always shows a phase 1 problem. But I am confused about why this error didn't show when I deployed. This error shows the next day and the tunnel never comes up later.

I always see the error below. This error means a phase 1 error, correct?

I am using standalone CA.

The policy's acl or ike profile does not match the flow


8 Replies

Post debug crypto isa from both sides.

Deepak Kumar
VIP Alumni

Hi,

We need the complete debug output and configuration to understand this better.

There are some misleading details in the question, such as: is it an IPSec connection or SSL?

"I am using standalone CA."

Regards,
Deepak Kumar,

MrBeginner
Spotlight

Hi,

Please see the attached debugging log below.

I saw "Failed to construct certificate request payload". Let me know, is this the issue?

Accepted Solution

Hi,

As it is using an RSA key, I found the error messages below:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

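A way to triage a longer capture of the IKE debug output quoted in the reply above, given as an added example that is not part of the thread or any vendor tooling. It assumes, from the excerpt alone, that each `*`-prefixed header line is followed by one message line; the bucket names are hypothetical labels chosen for this sketch.

```python
import re
from collections import defaultdict
# Sample input: the six log lines quoted in the reply above.
SAMPLE = """\
Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found
"""

HEADER = re.compile(
    r"^\*(?P<ts>\w{3} +\d+ [\d:]+ \d{4}) (?P<host>\S+) IKE/\d+/(?P<level>\w+): "
    r"vrf = \d+, src ?= ?(?P<src>[\d.]+), dst ?= ?(?P<dst>[\d.]+)/(?P<port>\d+)")

# Keyword buckets are an assumption of this example, not vendor-defined categories.
BUCKETS = [("certificate", "certificate"), ("pre-shared key", "pre-shared-key"),
           ("negotiate ike sa", "phase1-failure")]

def classify(msg):
    low = msg.lower()
    return next((tag for key, tag in BUCKETS if key in low), "other")

def parse(text):
    """Pair each header line with the message line that follows it."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "!":
            continue
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            continue
        # A message whose header was cut off is kept, just without peer fields.
        records.append(dict(current or {}, msg=line, tag=classify(line)))
        current = None  # a header applies to one message only
    return records

def summarize(records):
    """Group message tags by peer; header-less lines go under 'unknown'."""
    by_peer = defaultdict(set)
    for r in records:
        by_peer[r.get("dst", "unknown")].add(r["tag"])
    return {peer: sorted(tags) for peer, tags in by_peer.items()}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Seeing both a certificate tag and a pre-shared-key tag in the same capture is a cue to compare the configured authentication method on both peers.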

Hi,
I am using a certificate, but do you mean the public key or the certificate? Does certificate mean the root cert or the router cert?

Hi,
Both certificates.
Regards,
Deepak Kumar

Hi,

I solved it now. I upgraded the firmware. It is OK.
