IKE Initiator unable to find policy: Intf OUTSIDE on site to site vpn

dhanikonda · ‎10-23-2013

Dear Sir,

iam facing strage problem is we have site to site tunnel established phase 1 is comleeted but there is no traffic on responder side and when i debug ipsec iam getting the fallowing eoor

[IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:04 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.21, Dst: 144.36.220.225

Oct 22 13:49:07 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:07 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.21, Dst: 144.36.220.225

Oct 22 13:49:12 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:12 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.15, Dst: 144.36.220.225

Oct 22 13:49:12 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:12 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.16, Dst: 144.36.220.225

Oct 22 13:49:13 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:13 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.21, Dst: 144.36.220.225

Oct 22 13:49:15 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:15 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.16, Dst: 144.36.220.225

Oct 22 13:49:18 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Oct 22 13:49:18 [IKEv1]: IKE Initiator unable to find policy: Intf OUTSIDE, Src: 10.242.108.15, Dst: 144.36.220.225

Oct 22 13:49:19 [IKEv1]: IP = 144.36.220.8, IKE_DECODE RECEIVED Message (msgid=dd278862) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

____sh crypto ipsec sa peer 144.36.X.X

peer address: 144.36.X.X

Crypto map tag: OUTSIDE_map, seq num: 1, local addr: 223.27.122.35

access-list OUTSIDE_1_cryptomap extended permit ip 10.242.108.0 255.255.252.0 host 144.36.220.225

local ident (addr/mask/prot/port): (10.242.108.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (144.36.220.225/255.255.255.255/0/0)

current_peer: 144.36.220.8

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 11, #pkts decrypt: 11, #pkts verify: 11

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0

#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0

#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0

#send errors: 0, #recv errors: 0

local crypto endpt.: 223.27.122.35/0, remote crypto endpt.: 144.36.220.8/0

path mtu 1500, ipsec overhead 58, media mtu 1500

current outbound spi: 0498B939

current inbound spi : C2BC877D

inbound esp sas:

spi: 0xC2BC877D (3267135357)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

<--- More --->

slot: 0, conn_id: 65536, crypto-map: OUTSIDE_map

sa timing: remaining key lifetime (kB/sec): (4373999/2126)

IV size: 8 bytes

replay detection support: Y

Anti replay bitmap:

0x00000000 0x00000FFF

outbound esp sas:

spi: 0x0498B939 (77117753)

transform: esp-3des esp-sha-hmac no compression

in use settings ={L2L, Tunnel, }

slot: 0, conn_id: 65536, crypto-map: OUTSIDE_map

sa timing: remaining key lifetime (kB/sec): (4374000/2126)

IV size: 8 bytes

replay detection support: Y

Anti replay bitmap:

0x00000000 0x00000001

can any body help me to how can i fix the problem

Thanks in advance

Srinivas

Jouni Forss · ‎10-23-2013

Hi,

I am not quite sure what the problem is but if you could provide the configurations I could go through them and see if there is anything there that might cause problems.

- Jouni