
VPN site-to-site issues

Hello everybody,

 

I need some help because I'm debugging a site-to-site VPN and it's not working. I have the log below:

 

Teardown UDP connection 166426822 for wan:194.4.237.89/500 to identity:41.207.42.170/500 duration 0:02:09 bytes 6672
Group = 194.4.237.89, Username = 194.4.237.89, IP = 194.4.237.89, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
Group = 194.4.237.89, IP = 194.4.237.89, Session is being torn down. Reason: User Requested
Group = 194.4.237.89, IP = 194.4.237.89, Removing peer from correlator table failed, no match!
Group = 194.4.237.89, IP = 194.4.237.89, Connection terminated for peer 194.4.237.89.  Reason: Peer Terminate  Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Group = 194.4.237.89, IP = 194.4.237.89, Received non-routine Notify message: Invalid ID info (18)
Group = 194.4.237.89, IP = 194.4.237.89, PHASE 1 COMPLETED
AAA retrieved default group policy (GroupPolicy_194.4.237.89) for user = 194.4.237.89
Group = 194.4.237.89, IP = 194.4.237.89, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
IP = 194.4.237.89, IKE Initiator: New Phase 1, Intf vlan200, IKE Peer 194.4.237.89  local Proxy Address 113.133.132.9, remote Proxy Address 172.31.50.20,  Crypto map (VPN_MAP)
Group = 194.4.237.89, Username = 194.4.237.89, IP = 194.4.237.89, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
Group = 194.4.237.89, IP = 194.4.237.89, Session is being torn down. Reason: User Requested
Group = 194.4.237.89, IP = 194.4.237.89, Removing peer from correlator table failed, no match!
Group = 194.4.237.89, IP = 194.4.237.89, Connection terminated for peer 194.4.237.89.  Reason: Peer Terminate  Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Group = 194.4.237.89, IP = 194.4.237.89, Received non-routine Notify message: Invalid ID info (18)
Group = 194.4.237.89, IP = 194.4.237.89, PHASE 1 COMPLETED
AAA retrieved default group policy (GroupPolicy_194.4.237.89) for user = 194.4.237.89
Group = 194.4.237.89, IP = 194.4.237.89, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
IP = 194.4.237.89, IKE Initiator: New Phase 1, Intf vlan200, IKE Peer 194.4.237.89  local Proxy Address 113.133.132.9, remote Proxy Address 172.31.50.20,  Crypto map (VPN_MAP)
Group = 194.4.237.89, Username = 194.4.237.89, IP = 194.4.237.89, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
Group = 194.4.237.89, IP = 194.4.237.89, Session is being torn down. Reason: User Requested
Group = 194.4.237.89, IP = 194.4.237.89, Removing peer from correlator table failed, no match!
Group = 194.4.237.89, IP = 194.4.237.89, Connection terminated for peer 194.4.237.89.  Reason: Peer Terminate  Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Group = 194.4.237.89, IP = 194.4.237.89, Received non-routine Notify message: Invalid ID info (18)
Group = 194.4.237.89, IP = 194.4.237.89, PHASE 1 COMPLETED
AAA retrieved default group policy (GroupPolicy_194.4.237.89) for user = 194.4.237.89
Group = 194.4.237.89, IP = 194.4.237.89, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
Built outbound UDP connection 166426822 for wan:194.4.237.89/500 (194.4.237.89/500) to identity:41.207.42.170/500 (41.207.42.170/500)
IP = 194.4.237.89, IKE Initiator: New Phase 1, Intf vlan200, IKE Peer 194.4.237.89  local Proxy Address 113.133.132.9, remote Proxy Address 172.31.50.20,  Crypto map (VPN_MAP)

 

Can someone help me with how to proceed to avoid this issue?

 

Thanks,

 

1 Reply

First compare your crypto ACLs on both devices. Are they mirrored? And remember that a crypto-ACL of "permit any to any" is nearly always the wrong choice.
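One way to run the mirror check suggested in the reply, as an added example that is not part of the original thread or of any Cisco tool. The ACL name VPN_ACL and both sample ACLs are constructed from the proxy addresses in the log (the thread does not show the real ACLs), and only `any`, `host A` and `NET MASK` address forms are handled:

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take_addr(tokens):
    """Consume one ASA address spec: any/any4, 'host A', or 'NET MASK'."""
    head = tokens.pop(0)
    if head in ("any", "any4"):
        return ANY
    if head in ("object", "object-group"):
        raise ValueError("expand objects to literal networks first")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)

def parse_crypto_acl(config):
    """Return the set of (protocol, source, destination) for permit entries."""
    entries = set()
    for line in config.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list" or "permit" not in tokens:
            continue
        rest = tokens[tokens.index("permit") + 1:]
        proto = rest.pop(0)
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.add((proto, src, dst))
    return entries

def _fmt(entries):
    return sorted(f"{p} {s} -> {d}" for p, s, d in entries)

def compare_crypto_acls(local_cfg, remote_cfg):
    """Check that the remote ACL is the local ACL with source/destination swapped."""
    local, remote = parse_crypto_acl(local_cfg), parse_crypto_acl(remote_cfg)
    expected = {(p, d, s) for p, s, d in local}  # what the peer should have
    return {
        "mirrored": expected == remote,
        "missing_on_remote": _fmt(expected - remote),
        "unexpected_on_remote": _fmt(remote - expected),
        "any_any": _fmt(e for e in local | remote if e[1] == ANY and e[2] == ANY),
    }

# Constructed sample ACLs: this side permits host-to-host, the peer a /24.
LOCAL = "access-list VPN_ACL extended permit ip host 113.133.132.9 host 172.31.50.20"
REMOTE = "access-list VPN_ACL extended permit ip 172.31.50.0 255.255.255.0 host 113.133.132.9"

if __name__ == "__main__":
    for key, value in compare_crypto_acls(LOCAL, REMOTE).items():
        print(f"{key}: {value}")
```

Paste the `access-list` lines referenced by each device's crypto map into LOCAL and REMOTE; any entry under missing_on_remote or unexpected_on_remote is a proxy-identity pair the two ends do not agree on.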