Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
683
Views
0
Helpful
0
Replies

DMVPN with HUB as CA - Spoke stuck in MM_KEY_EXCH

darreng
Beginner
Beginner

‎06-24-2020 09:09 AM

All,

 

I would be grateful if someone could give me a little pointer here please. 

 

I have several routers all working fine with a DMVPN Hub (4331) acting as my CA. One spoke router however is stuck in MM_KEY_EXCH. It seems to me like the self signed cert is messing things up (CISCO_IDEVID_SUDI). I removed it and my VPN went to QM IDLE. A reload re-instates the cert as has been pointed out on several posts I reviewed. 

 

I've been googling  for an answer but I'm still none the wiser if there is a simple fix, profile, cert map etc. 

 

*Jun 24 16:03:12.210: ISAKMP: (2045):using the CISCO_IDEVID_SUDI trustpoint's keypair to sign
*Jun 24 16:03:14.362: ISAKMP-PAK: (2045):sending packet to X.X.X.X my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Jun 24 16:03:14.362: ISAKMP: (2045):Sending an IKE IPv4 Packet.
*Jun 24 16:03:14.362: ISAKMP: (2045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Jun 24 16:03:14.362: ISAKMP: (2045):Old State = IKE_I_MM4 New State = IKE_I_MM5

 

Would appreciate it if anyone has a tip. Happy to upgrade my IOS if needed. 

 

Thank you 

 

Darren

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents