Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
756
Views
0
Helpful
1
Replies

GETVPN Question (error output)

rooeinfnfn
Level 1
Level 1

‎10-05-2011 05:35 AM - edited ‎02-21-2020 05:38 PM

Dear All,

I have question about getvpn, when i run getvpn , my getvpon (ks and gm) comes up but after a minutes comes down and star to register.i have some error output.

my configuration on KS :

crypto isakmp key cisco address x.x.10.2

crypto ipsec transform-set cisco esp-3des esp-sha-hmac

crypto ipsec profile GET

set transform-set cisco

!

crypto gdoi group test

identity number xxxx

server local

    rekey retransmit 10 number 2

  rekey authentication mypubkey rsa cisco

  sa ipsec 1

  profile GET

  match address ipv4 112

  replay counter window-size 64

Configuration on GM :

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp key cisco address x.x.11.1

!

!

crypto gdoi group test

identity number xxxx

server address ipv4 x.x.10.2

!

!

crypto map GETVPN local-address ethe0/1

crypto map GETVPN 10 gdoi

set group test

=============================

Output error is :

%GDOI-4-GM_RE_REGISTER: The IPSec SA created for group test may have expired/been cleared, or didn't go through. Re-register to KS

how can i solve this problem.

Thanks

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-05-2011 07:11 AM

Hi,

Is this affecting one GM or multiple ones?

Is the GM reciving rekeys properly?

During problem is it visible on KS as GM?

You should be able to temporarily recover by doing "clear crypto gdoi".

M.

0 Helpful
Customers Also Viewed These Support Documents