Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
0
Helpful
2
Replies

PIX ipsec problem : 713042 : IKE initiator unable to find policy

r.carreras
Level 1
Level 1

‎12-12-2005 08:33 AM - edited ‎02-21-2020 02:08 PM

Hello,

I have a LAN to LAN between PIX 7.0(4).2 and one 2811 with IOS.

We are using the ipsec tunnel for voice, and some calls are dropping after one minute.

I can see the following message from PIX when calls get dropped :

713042 : IKE initiator unable to find policy: Intf1, Src:172.18.2.10, Dst:172.22.0.10

172.18.2.10 -> ccme router at hq office ( PIX side )

172.22.0.10 -> ccme router at branch office ( IOS side )

Do you have any idea ??

Thanks a lot.

Best regards.

Ricard

Labels:
0 Helpful
2 Replies 2

thomas.chen
Level 6
Level 6

‎12-16-2005 07:48 AM

I think the issue is with Queuing. Low latency queueing (LLQ) does not drop packets after configuration changes. If the configured LLW burst size is changed in a policy map that is attached to an interface but the configured LLQ bandwidth is not changed, priority queueing (PQ) will stop dropping packets. If the traffic going through PQ is much greater than the configured bandwidth, the minimum bandwidth guarantees of the classes are not met.

Workaround: Remove and re-attach the service policy

0 Helpful

tgrundbacher
Level 1
Level 1

‎12-16-2009 04:47 AM

Hi Ricard

Could you solve the issue in the meantime? I'm having the exact same problem for a VPN site-to-site peer with code 8.2(1).

Regards

Toni

0 Helpful
Customers Also Viewed These Support Documents