03-20-2006 12:35 PM - edited 02-21-2020 02:19 PM
i am pasting the below debug on my pix...i couldnt establish vpn connecting pix to pix
-------------------------------
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:82.xxx, dest:193.yyy spt:4500 dpt:
4500
ISAKMP (0): processing NOTIFY payload 24576 protocol 1
spi 0, message ID = 945881250
ISAKMP (0): processing responder lifetime
ISAKMP (0): phase 1 responder lifetime of 1000s
return status is IKMP_NO_ERR_NO_TRANS
ISAKMP (0): sending INITIAL_CONTACT notify
ISAKMP (0): sending NOTIFY message 24578 protocol 1
VPN Peer: ISAKMP: Added new peer: ip:82.xxx/4500 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:82.xxx/4500 Ref cnt incremented to:1 Total VPN P
eers:1
crypto_isakmp_process_block:src:82.xxx, dest:193.yyy spt:4500 dpt:
4500
ISAKMP: sa not found for ike msg
crypto_isakmp_process_block:src:82.xxx, dest:193.yyy spt:4500 dpt:
4500
ISAKMP (0): processing NOTIFY payload 14 protocol 3
spi 1424868684, message ID = 1040206926
ISAKMP (0): deleting spi 1288039764 message ID = 996742519
return status is IKMP_NO_ERR_NO_TRANS
thanks for the help
03-22-2006 03:18 AM
Would you send me all crypto and isakmp commands on both PIXs?
03-22-2006 11:13 AM
I have The same Problem , I Have a VPN PIX-506e/6.3(5) and PIX-501/6.3(5) Lan-to-Lan Tunnel Up But Cannot Pass Traffic. I recieve continuously the message ISADB: reaper checking SA 0xa2f324, conn_id = 0, It's on both PIX. and return status is IKMP_NO_ERR_NO_TRANS
the output command sh crypto ipsec sa , when send a
PIX 501
interface: outside
Crypto map tag: vpnmanta, local addr. 192.168.45.4
local ident (addr/mask/prot/port): (10.4.16.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.4.0.0/255.255.255.0/0/0)
current_peer: 192.168.45.2:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.45.4, remote crypto endpt.: 192.168.45.2
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 74dd1ea
inbound esp sas:
spi: 0xa0138c28(2685635624)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 4, crypto map: vpnmanta
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0x74dd1ea(122540522)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3, crypto map: vpnmanta
sa timing: remaining key lifetime (k/sec): (4608000/28223)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
PIX 506E:
interface: outside
Crypto map tag: vpnmatriz, local addr. 192.168.45.2
local ident (addr/mask/prot/port): (10.4.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.4.16.0/255.255.255.0/0/0)
current_peer: 192.168.45.4:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 192.168.45.2, remote crypto endpt.: 192.168.45.4
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: a0138c28
inbound esp sas:
spi: 0x74dd1ea(122540522)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5, crypto map: vpnmatriz
sa timing: remaining key lifetime (k/sec): (4608000/28003)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0xa0138c28(2685635624)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 6, crypto map: vpnmatriz
sa timing: remaining key lifetime (k/sec): (4607999/28003)
IV size: 8 bytes
replay detection support: Y
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide