Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
4
Helpful
1
Replies

Phase I problem between two 3030 concentrators.

jkeeffe
Level 7
Level 7

‎03-15-2005 12:33 PM

I'm setting up a IPsec tunnel between two 3030's and get these errors in the log when I try to bring up the tunnel (I've x'd out the tunnel peer).

1041 03/15/2005 12:14:20.650 SEV=9 IKEDBG/1 RPT=14421 xxx.xxx.xxx.xxx

Group [xxx.xxx.xxx.xxx]

constructing ID

1042 03/15/2005 12:14:20.650 SEV=9 IKEDBG/0 RPT=56569

Group [65.219.190.253]

construct hash payload

1043 03/15/2005 12:14:20.650 SEV=9 IKEDBG/0 RPT=56570 65.219.190.253

Group [xxx.xxx.xxx.xxx]

computing hash

1045 03/15/2005 12:14:20.650 SEV=9 IKEDBG/46 RPT=29137 65.219.190.253

Group [xxx.xxx.xxx.xxx]

constructing dpd vid payload

1050 03/15/2005 12:14:20.680 SEV=4 IKE/0 RPT=38438 65.219.190.253

Group [xxx.xxx.xxx.xxx]

received an unencrypted packet when crypto active!! Dropping packet.

1095 03/15/2005 12:14:28.680 SEV=6 IKE/201 RPT=785 65.219.190.253

Group [xxx.xxx.xxx.xxx]

Duplicate Phase 1 packet detected. Retransmitting last packet.

1100 03/15/2005 12:14:28.710 SEV=6 IKE/201 RPT=786 65.219.190.253

Group [xxx.xxx.xxx.xxx]

Duplicate Phase 1 packet detected. Retransmitting last packet.

1132 03/15/2005 12:14:28.740 SEV=6 IKE/201 RPT=787 65.219.190.253

Group [xxx.xxx.xxx.xxx]

Duplicate Phase 1 packet detected. Retransmitting last packet.

1134 03/15/2005 12:14:28.740 SEV=7 IKEDBG/65 RPT=30987 xxx.xxx.xxx.xxx

Group [xxx.xxx.xxx.xxx]

IKE MM Initiator FSM error history (struct &0x7ccb670)

<state>, <event>:

MM_DONE, EV_ERROR_CONT

MM_DONE, EV_ERROR

MM_WAIT_MSG6, EV_RESEND_MSG

MM_WAIT_MSG6, NullEvent

1139 03/15/2005 12:14:28.740 SEV=9 IKEDBG/0 RPT=56584

xxx.xxx.xxx.xxx

Group [xxx.xxx.xxx.xxx]

IKE SA MM:fa5b509f terminating:

flags 0x0100c022, refcnt 0, tuncnt 0

What could cause these PHASE I error messages?

Labels:
0 Helpful
1 Reply 1

sachinraja
Level 11
Level 11

‎03-15-2005 10:30 PM

Hi. make sure all the phase I parameters are configured correctly.. this can happen due to any mismatch in phase 1 parameters like hash, encryption, lifetime, authentication method, key exchange.. these are the phase 1 values entered at each end.. make sure the configs both the end are identical.. also make sure the crypto ACLs are same both the ends...

Raj

Customers Also Viewed These Support Documents