Help with IPSec error message

ovt
Level 4

Hi!

Could anybody explain what the following means?

ISAKMP (0:1): beginning Main Mode exchange

sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE

received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE

ISAKMP (0:1): Notify has no hash. Rejected.

ISAKMP (0:1): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1

ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY

ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM1

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at x.x.x.x

The crypto parameters should be the same on both sides. The remote device is probably the Contivity switch and is not available for troubleshooting :(

The local device is a 12.3(10) router.

What do the error messages above mean?

Any help is greatly appreciated!

2 Replies

Richard Burts
Hall of Fame

It is evident that you attempted to open ISAKMP by sending a packet:

sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE

and the MM_NO_STATE indicates that you are at the very beginning.

Then you receive a packet from the other device:

received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE

They are sending and receiving on UDP port 500, which is the port for ISAKMP.

However, there is something wrong with the message that you received:

ISAKMP (0:1): Notify has no hash. Rejected.

Then there are several other error messages which I believe reflect the fact that your router has rejected the ISAKMP packet from the other device.

The bottom line is that ISAKMP negotiation failed:

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at x.x.x.x

My guess is that there is a mismatch between your configuration and that of the other device. I would start by checking carefully the transform set to be sure that exactly the same parameters are specified on both ends.

HTH

Rick
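
As an added example (not part of the original posts and not Cisco code), this Python triage script walks the debug lines quoted in the question in the same order as the reply above. The regular expressions, the function names, and the reading of `(I)`/`(R)` as initiator/responder are assumptions based on the output format shown in this thread.

```python
import re

# Constructed sample: the debug lines quoted in the question, peer masked as posted.
SAMPLE = """\
ISAKMP (0:1): beginning Main Mode exchange
sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
ISAKMP (0:1): Notify has no hash. Rejected.
ISAKMP (0:1): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1
ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM1
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at x.x.x.x
"""

PKT = re.compile(r"^(sending|received) packet (?:to|from) (\S+) .*\((I|R)\) (\S+)")
TRANSITION = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
FAILURE = re.compile(r"^%CRYPTO-\d-(\w+): .* peer at (\S+)")

def summarize(debug_text):
    """Reduce ISAKMP debug output to the facts needed for triage."""
    s = {"role": None, "peer": None, "sent": 0, "received": 0,
         "rejected_notify": False, "stalled_in": None, "failure": None}
    for line in debug_text.splitlines():
        line = line.strip()
        if m := PKT.match(line):
            s["sent" if m.group(1) == "sending" else "received"] += 1
            s["peer"] = m.group(2)
            s["role"] = "initiator" if m.group(3) == "I" else "responder"
        elif "Notify has no hash" in line:
            s["rejected_notify"] = True
        elif m := TRANSITION.search(line):
            # Input was processed but the state did not advance: the exchange is stuck.
            s["stalled_in"] = m.group(1) if m.group(1) == m.group(2) else None
        elif m := FAILURE.match(line):
            s["failure"], s["peer"] = m.group(1), m.group(2)
    return s

def diagnose(s):
    """Turn the summary into a one-line triage verdict."""
    if s["failure"] and s["rejected_notify"] and s["stalled_in"]:
        return (f"{s['role']} stalled in {s['stalled_in']}: peer {s['peer']} sent a "
                "notify that was rejected; compare crypto parameters and "
                "authentication method on both ends")
    if s["failure"]:
        return f"{s['failure']} with peer {s['peer']}"
    return "no failure seen"

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE)))
```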


ehirsel
Level 6

Also ensure that both sides are using the same method for authenticating each other, that is, pre-share keys, RSA signatures, or other certificates.

If using pre-share keys, make sure that the key matches on both sides.