IPSec stuck at UP_IDLE

Kaushik Ray · ‎03-27-2013

Hello

I have been working to setup a VPN session and am stuck on at the UP_IDLE state. do not seem to find what may be causing this issue.

can anybody advice please?

When i do a debug i get the following:

*Mar 27 14:59:00.927: IPSEC(key_engine): request timer fired: count = 1,

(identity) local= 1.1.1.2, remote= 217.19.147.66,

local_proxy= 10.10.10.1/255.255.255.255/0/0 (type=1),

remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)

*Mar 27 14:59:00.927: IPSEC(sa_request): ,

(key eng. msg.) OUTBOUND local= 1.1.1.2, remote= 217.19.147.66,

local_proxy= 10.10.10.1/255.255.255.255/0/0 (type=1),

remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),

protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),

lifedur= 14400s and 4608000kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0

Thanks in advance.

guibarati · ‎03-27-2013

Usually up_idle condition happens when your crypto map has another peer, with a lower preference nunber, and this peer has the same interesting traffic.

So check your crypto map, look at the access-lists for the tunnels coming before this one (with a lower order number on crypto map) and see if this traffic (10.10.10.1 to 0.0.0.0) is not going somewhere else.