Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6369
Views
0
Helpful
6
Replies

IPSEC ERROR: Failed to send the message to IKE

Alin Iorguta
Level 1
Level 1

‎09-19-2016 02:27 PM - edited ‎02-21-2020 08:58 PM

Hello,

i have an ASA5516X [9.5(2)10] and i'm trying to make an IPSec vpn with an Juniper device.


The topology is like this:
172.16.32.0<--->Router<-->192.168.1.0<--->ASA<-----Internet---->Juniper<---->192.168.123.0

One problem is that only ipsec tunnel between 192.168.1.0-192.168.123.0 is created by default, and the traffic between these two subnets is working ok. When i initiate a ping from subnet 172.16.32.0 to 192.168.123.0, the ipsec tunnel between 192.168.1.0-192.168.123.0 is deleted and another one between 172.16.32.0-192.168.123.0 is created, traffic between 192.168.1.0-192.168.123.0 stops working until i issue clear crypto ipsec sa. Afther that tunnel between 192.168.1.0-192.168.123.0 is created and tunnel 172.16.32.0-192.168.123.0 is deleted.

The other one is that when i issue: debug crypto ipsec 128 i receive the following message with a frequency of one/second:
IPSEC ERROR: Failed to send the message to IKE
IPSEC ERROR: Failed to send the message to IKE
IPSEC ERROR: Failed to send the message to IKE

Anyone knows what that error message means? i searched allmost everywhere and no clue about that.

Thanks in advance,

Alin

3 people had this problem
Labels:
0 Helpful
6 Replies 6

Pawan Raut
Level 4
Level 4

‎09-20-2016 12:06 AM

Do you have two tunnel on same device?

0 Helpful

Alin Iorguta
Level 1
Level 1
In response to Pawan Raut

‎09-20-2016 12:51 AM

Is just one ike peer and two subnets behind ASA (two SA are needed). I allready found that the problem resides in SRX configuration, and the soulution can be found here:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB20543&actp=search

Remains the problem with the strange debug message: IPSEC ERROR: Failed to send the message to IKE

this will be interesting to find out what means.

0 Helpful

Alin Iorguta
Level 1
Level 1

‎09-20-2016 11:43 PM

Afther ipsec problem with Juniper SRX was solved the strange message still pops-up:

IPSEC ERROR: Failed to send the  message to IKE
IPSEC ERROR: Failed to send the  message to IKE
IPSEC ERROR: Failed to send the  message to IKE
IPSEC ERROR: Failed to send the  message to IKE
IPSEC ERROR: Failed to send the  message to IKE

0 Helpful

rweir0001
Level 1
Level 1

‎12-01-2016 10:02 AM

Alin,

Did you ever find out what causes the "IPSEC ERROR: Failed to send the message to IKE" message? My debugs are showing it right now but I don't know why and can't find any answers online.

Rick

0 Helpful

szszlorand
Level 1
Level 1
In response to rweir0001

‎01-31-2017 09:13 AM

Hi Rick, Alin,

Did any of you guys found out the reason for these errors? I am seeing these too...

Thanks 

Lorand

0 Helpful

Praveen Kumar
Level 1
Level 1

‎09-21-2018 01:22 PM

I am seeing this "IPSEC ERROR: Failed to send the  message to IKE" on ASA 5585 with debug crypto ipsec  command...didn't find any answers online.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents