VPN Tunnel won't connect

Dale Claxton · ‎10-28-2013

Tunnel between Cisco 3945 and Juniper SRX will no longer connect. Below is the debug i am getting.

249545: *Oct 28 16:22:22.980: ISAKMP:(16705):deleting node 72113297 error FALSE reason "Informational (in) state 1"

249546: *Oct 28 16:22:23.152: ISAKMP:(0): SA request profile is Bowman

249547: *Oct 28 16:22:23.152: ISAKMP: Created a peer struct for 111.111.111.111, peer port 500

249548: *Oct 28 16:22:23.152: ISAKMP: New peer created peer = 0x13A996FC peer_handle = 0x80039860

249549: *Oct 28 16:22:23.152: ISAKMP: Locking peer struct 0x13A996FC, refcount 1 for ike_initiate_sa_for_inv_spi_recovery

249550: *Oct 28 16:22:23.152: ISAKMP: local port 500, remote port 500

249551: *Oct 28 16:22:23.152: ISAKMP:(0):Found ADDRESS key in keyring Bowman

249552: *Oct 28 16:22:23.152: ISAKMP:(0): Unknown DOI 0

249553: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

249554: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-07 ID

249555: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-03 ID

249556: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-02 ID

249557: *Oct 28 16:22:23.152: ISAKMP : beginning Main Mode exchange for INV SPI RECOV

249558: *Oct 28 16:22:23.152: ISAKMP:(0): sending packet to 111.111.111.111 my_port 500 peer_port 500 (I) MM_NO_STATE

249559: *Oct 28 16:22:23.152: ISAKMP:(0):Sending an IKE IPv4 Packet.

249560: *Oct 28 16:22:23.152: ISAKMP: Unlocking peer struct 0x13A996FC for isadb_unlock_peer_delete_sa(), count 0

249561: *Oct 28 16:22:23.152: ISAKMP: Deleting peer node by peer_reap for 111.111.111.111: 13A996FC

249562: *Oct 28 16:22:23.152: ISAKMP:(0):purging SA., sa=0, delme=174DA964

249563: *Oct 28 16:22:23.772: ISAKMP:(16629):purging node 1417810068

249564: *Oct 28 16:22:24.244: ISAKMP:(16702):purging node 285740517

249545: *Oct 28 16:22:22.980: ISAKMP:(16705):deleting node 72113297 error FALSE reason "Informational (in) state 1"
249546: *Oct 28 16:22:23.152: ISAKMP:(0): SA request profile is Bowman
249547: *Oct 28 16:22:23.152: ISAKMP: Created a peer struct for 111.111.111.111, peer port 500
249548: *Oct 28 16:22:23.152: ISAKMP: New peer created peer = 0x13A996FC peer_handle = 0x80039860
249549: *Oct 28 16:22:23.152: ISAKMP: Locking peer struct 0x13A996FC, refcount 1 for ike_initiate_sa_for_inv_spi_recovery
249550: *Oct 28 16:22:23.152: ISAKMP: local port 500, remote port 500
249551: *Oct 28 16:22:23.152: ISAKMP:(0):Found ADDRESS key in keyring Bowman
249552: *Oct 28 16:22:23.152: ISAKMP:(0): Unknown DOI 0
249553: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
249554: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-07 ID
249555: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-03 ID
249556: *Oct 28 16:22:23.152: ISAKMP:(0): constructed NAT-T vendor-02 ID
249557: *Oct 28 16:22:23.152: ISAKMP : beginning Main Mode exchange for INV SPI RECOV
249558: *Oct 28 16:22:23.152: ISAKMP:(0): sending packet to 111.111.111.111 my_port 500 peer_port 500 (I) MM_NO_STATE
249559: *Oct 28 16:22:23.152: ISAKMP:(0):Sending an IKE IPv4 Packet.
249560: *Oct 28 16:22:23.152: ISAKMP: Unlocking peer struct 0x13A996FC for isadb_unlock_peer_delete_sa(), count 0
249561: *Oct 28 16:22:23.152: ISAKMP: Deleting peer node by peer_reap for 111.111.111.111: 13A996FC
249562: *Oct 28 16:22:23.152: ISAKMP:(0):purging SA., sa=0, delme=174DA964
249563: *Oct 28 16:22:23.772: ISAKMP:(16629):purging node 1417810068
249564: *Oct 28 16:22:24.244: ISAKMP:(16702):purging node 285740517

ErickBCCNA · ‎10-28-2013

MM_NO_STATE is usually an indication that the ISAKMP policies do not match on both ends.