IPSec tunnel using RSA keys setup

mary_odriscoll
Level 1

Dear all

I am having problems getting a tunnel set up between SiteA (192.168.10.1) and SiteB (192.168.10.2). The IPSEC tunnel worked for over 2 years but has suddenly stopped working. No one has admitted to any changes. We keep seeing errors such as %private key not found for site_dublin.sitedublin.com.

Why has it suddenly stopped working? Would it be because one of the routers has reset its keys? Any help would be gratefully received.

TIA

Debug is below:

Site_Dublin#

*Jan 6 21:42:35: ISAKMP (0): received packet from 192.168.10.2 (N) NEW SA

*Jan 6 21:42:35: ISAKMP (10): processing SA payload. message ID = 0

*Jan 6 21:42:35: ISAKMP (10): Checking ISAKMP transform 1 against priority 10 policy

*Jan 6 21:42:35: ISAKMP: encryption DES-CBC

*Jan 6 21:42:35: ISAKMP: hash SHA

*Jan 6 21:42:35: ISAKMP: default group 2

*Jan 6 21:42:35: ISAKMP: auth RSA encr

*Jan 6 21:42:35: ISAKMP: life type in seconds

*Jan 6 21:42:35: ISAKMP: life d%private key not found for site_dublin.sitedublin.com

*Jan 6 21:42:35: ISAKMP (10): atts are acceptable. Next payload is 0

*Jan 6 21:42:35: ISAKMP (10): Unable to get router cert to find DN!

*Jan 6 21:42:35: ISAKMP (10): SA is doing RSA encryption authentication using id type ID_IPV4_ADDR

*Jan 6 21:42:35: ISAKMP (10): sending packet to 192.168.10.2 (R) MM_SA_SETUP

*Jan 6 21:42:36: ISAKMP (10): received packet from 192.168.10.2 (R) MM_SA_SETUP

*Jan 6 21:42:36: ISAKMP (10): processing KE payload. message ID = 0

*Jan 6 21:42:36: ISAKMP (10): processing ID payload. message ID = 0

*Jan 6 21:42:37: %CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 10) unable to decrypt (w/RSA private key) packet

*Jan 6 21:42:38: ISAKMP (10): retransmitting phase 1...

*Jan 6 21:42:38: ISAKMP (10): sending packet to 192.168.10.2 (R) MM_SA_SETUP

*Jan 6 21:42:39: ISAKMP (10): received packet from 192.168.10.2 (R) MM_SA_SETUP

*Jan 6 21:42:39: ISAKMP (10): processing KE payload. message ID = 0

*Jan 6 21:42:39: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 192.168.10.2

*Jan 6 21:42:40: ISAKMP (10): retransmitting phase 1...

*Jan 6 21:42:40: ISAKMP (10): sending packet to 192.168.10.2 (R) MM_SA_SETUP

*Jan 6 21:42:41: ISAKMP (10): received packet from 192.168.10.2 (R) MM_SA_SETUP

*Jan 6 21:42:41: ISAKMP (10): processing KE payload. message ID = 0

*Jan 6 21:42:42: ISAKMP (10): retransmitting phase 1...

*Jan 6 21:42:42: ISAKMP (10): deleting SA

*Jan 6 21:42:56: ISAKMP (10): received packet from 192.168.10.2 (R) MM_NO_STATE


Richard Burts
Hall of Fame

I am not sure of the problem, but is there any possibility that there has been a device name change (or even a DNS change of either of the devices)?

HTH

Rick

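As an added example (not code from the thread or from Cisco), a small Python triage script that pulls the indicators out of the debug output quoted in the question ("auth RSA encr", "private key not found for ...", the IKMP_CRYPT_FAILURE and IKMP_MODE_FAILURE syslogs) and checks Rick's hypothesis by comparing the key name the router looked up against the hostname.domain-name the RSA key pair was originally generated under. The expected key name is an assumption supplied by the operator, and the sample log lines are a constructed subset of the post's output.

```python
import re

# Constructed sample: a subset of the ISAKMP debug lines quoted in the post above.
SAMPLE_DEBUG = """\
*Jan 6 21:42:35: ISAKMP: auth RSA encr
*Jan 6 21:42:35: ISAKMP: life d%private key not found for site_dublin.sitedublin.com
*Jan 6 21:42:37: %CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 10) unable to decrypt (w/RSA private key) packet
*Jan 6 21:42:39: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 192.168.10.2
"""

AUTH_METHOD = re.compile(r"ISAKMP: auth (.+)$")
KEY_NOT_FOUND = re.compile(r"private key not found for (\S+)")
CRYPT_FAILURE = re.compile(r"%CRYPTO-6-IKMP_CRYPT_FAILURE")
MODE_FAILURE = re.compile(r"%CRYPTO-6-IKMP_MODE_FAILURE: .* peer at (\d+\.\d+\.\d+\.\d+)")

def triage_isakmp(debug_text, expected_key_name):
    """Collect the RSA-encryption phase-1 failure indicators from IOS ISAKMP debug text.

    expected_key_name: the hostname.domain-name the RSA key pair was generated under
    (assumption: the operator knows this from the original setup)."""
    f = {"auth_method": None, "missing_key_names": [], "decrypt_failure": False, "failed_peer": None}
    for line in debug_text.splitlines():
        m = AUTH_METHOD.search(line)
        if m:
            f["auth_method"] = m.group(1).strip()
        m = KEY_NOT_FOUND.search(line)
        if m:
            f["missing_key_names"].append(m.group(1))
        if CRYPT_FAILURE.search(line):
            f["decrypt_failure"] = True
        m = MODE_FAILURE.search(line)
        if m:
            f["failed_peer"] = m.group(1)
    f["verdict"] = classify(f, expected_key_name)
    return f

def classify(f, expected_key_name):
    """Turn the findings into a one-line triage verdict."""
    names = f["missing_key_names"]
    if not names:
        return "no missing-key message: check policy match and peer reachability instead"
    if f["auth_method"] and not f["auth_method"].startswith("RSA"):
        return "missing-key message but auth is %s: check which ISAKMP policy matched" % f["auth_method"]
    renamed = [n for n in names if n.lower() != expected_key_name.lower()]
    if renamed:
        # IOS names the default RSA key pair hostname.domain-name, so a lookup under a
        # different name points at a hostname or ip domain-name change on this router.
        return "looked for key %s, expected %s: hostname or domain name changed" % (renamed[0], expected_key_name)
    return ("key pair %s absent on this router: verify with 'show crypto key mypubkey rsa'; "
            "a regenerated pair also invalidates the public key the peer holds for it" % names[0])
```

Run it against the full debug capture and the expected key name; a mismatch verdict supports the rename theory, while an absent-key verdict points at the key pair itself.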