03-12-2008 06:56 AM - edited 02-21-2020 03:37 PM
I have two routers working with DMVPN, they are both connecting to a HUB vpn gateway. The spokes are both under NAT to access internet, the configuration is the same but in one the vpn works in the other no.
Here below is the output from the "bad" router. it goes all well until the end when it says "Old State=IKE_I_MM4 New State = IKE_I_MM5"
In the "good" router is says""Old State=IKE_I_MM4 New State = IKE_P1_COMPLETE"
All the other lines that come before that are the equals in debug.
Anyone know whats can be going on?
*Mar 12 13:22:44.080: ISAKMP:(1023):Send initial contact
*Mar 12 13:22:44.080: ISAKMP:(1023):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Mar 12 13:22:44.080: ISAKMP (0:1023): ID payload
next-payload : 8
type : 1
address : 192.168.201.100
protocol : 17
port : 0
length : 12
*Mar 12 13:22:44.084: ISAKMP:(1023):Total payload length: 12
*Mar 12 13:22:44.084: crypto_engine: Generate IKE hash
*Mar 12 13:22:44.084: crypto_engine: Encrypt IKE packet
*Mar 12 13:22:44.084: ISAKMP:(1023): sending packet to 189.39.4.132 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Mar 12 13:22:44.084: ISAKMP:(1023):Sending an IKE IPv4 Packet.
*Mar 12 13:22:44.084: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 12 13:22:44.084: ISAKMP:(1023):Old State = IKE_I_MM4 New State = IKE_I_MM5
03-18-2008 07:29 AM
Use the "debug crypto isakmp" command to check for mismatch between tunnel parameters. Following link may help you
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008019d6f7.shtml
03-18-2008 07:33 AM
Thanks, but I have already issued that and everything goes exactly the same until the last line, that changes the mmstate from 4 to 5 in the bad router, and from 4 to complete in the good router.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide