Re: PIX<->PIX VPN tunnel getting stuck at MM_SA_SETUP

amarsjoshi · ‎02-25-2005

Hi,

this started all of a sudden - the tunnel goes till MM_SA_SETUP stage and then again starts back -

Below is a part of the debug -

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy

ISAKMP: encryption 3DES-CBC

ISAKMP: hash MD5

ISAKMP: default group 2

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x1 0x4e 0x60

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR

after which I get

ISAKMP (0): retransmitting phase 1

Any ideas what might be causing this ?

Thanks

Amar

ehirsel · ‎02-25-2005

Were there any debug messages on your end that contained this: "Reserved not zero" (or maybe 0)? If there were then the preshare keys do not match, so I would revalidate them with the partner peer admin staff.

If not, did messages similar to that appear on the remote end?

Either way, it may be helpful to determine what messages were apprearing on the other end, as it may be "black-holing" the your responses for some reason due to a parameter, policy, or preshare key mismatch.

Let me know what you find.

amarsjoshi · ‎03-01-2005

Thanks for the reply. There were no "Reserved not zero" messages at my end. However I could not get in touch with the remote admin over the weekend.

Apparently they had a switch go bad at their end, which ended up rebooting and thus the connection could not complete.

This got rectified after replacin the bad switch at their end.

Thanks

Amar