Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1325
Views
0
Helpful
1
Replies

GETVPN : GM is not registering with KS

vijay kumar
Level 2
Level 2

‎03-04-2014 11:26 PM - edited ‎02-21-2020 07:32 PM

Hi All ,

We are haing 7206VXR router with version of c7200p-advsecurityk9-mz.150-1.M8.bin . Previously it was able to register with KS and it was working fine .But for the last four days it is not happening for this branch , whereas remaining and all working fine . We are getting the below error logs ,

Mar  4 10:02:07 IST: %CRYPTO-5-GM_REGSTER: Start registration to KS x.x.x.x for group GETVPNGROUP using address x.x.x.x

*Mar  4 10:02:07 IST: %CRYPTO-6-GDOI_ON_OFF: GDOI is ON

*Mar  4 10:02:08 IST: %GDOI-5-GM_REKEY_TRANS_2_UNI: Group GETVPNGROUP transitioned to Unicast Rekey.

*Mar  4 10:02:08 IST: %GDOI-3-GM_NO_IPSEC_FLOWS: IPSec FLOW limit possibly reached

*Mar  4 10:02:08 IST: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of GDOI mode failed with peer at x.x.x.x

C7206_01(config-if)#

*Mar  4 10:02:08 IST: %CRYPTO-5-GM_REGSTER: Start registration to KS x.x.x.x for group GETVPN_GROUP using address x.x.x.x

Any suggestion on this would be helpful.

Thanks.,

Vijay.

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎03-05-2014 06:12 AM

Vijay

Has something changed recently? Can you verify IP connectivity between the GM and the key server? Are there any log messages on the key server about the attempt from the GM that might shed light on the problem?

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents