cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1434
Views
0
Helpful
5
Replies

VPN Up, But cannot pass traffic

jtmullis82
Level 1
Level 1

i ran the debug crypto isakmp command and here is the printout.

Feb 09 13:26:07 [IKEv1]: IP = 140.32.132.73, IKE_DECODE SENDING Message (msgid=17dab024) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Feb 09 13:26:17 [IKEv1]: IP = 140.32.132.73, IKE_DECODE RECEIVED Message (msgid=1aa248b9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Feb 09 13:26:17 [IKEv1 DEBUG]: Group = , IP = , processing hash payload
Feb 09 13:26:17 [IKEv1 DEBUG]: Group = , IP = , processing notify payload
Feb 09 13:26:17 [IKEv1 DEBUG]: Group = , IP = , Received keep-alive of type DPD R-U-THERE (seq number 0x1ad7878)
Feb 09 13:26:17 [IKEv1 DEBUG]: Group = , IP = , Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0x1ad7878)
Feb 09 13:26:17 [IKEv1 DEBUG]: Group = , IP = , constructing blank hash payload
Feb 09 13:26:17 [IKEv1 DEBUG]: Group = , IP = , constructing qm hash payload
Feb 09 13:26:17 [IKEv1]: IP = 140.32.132.73, IKE_DECODE SENDING Message (msgid=68051455) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

i removed the IP address for security reasons. does anyone have any suggestions?

5 Replies 5

manish arora
Level 6
Level 6

Hi,

can you please post your Nat & VPN configuration from both endpoints ? also sh crypto isakmp sa &  sh crypto ipsec sa .

Manish

fsebera
Level 4
Level 4

Check your routing statements.

Is phase 1 AND phase 2 up and operational?

Phase 1 could be up but phase 2 down.

IF both phases are up, troubleshoot with tracetoute, where does the traffic go? Is this the right direction?

Remember to use the source ip option with traceroute.

HTH

Frank

brian.holmes
Level 1
Level 1

I would also check the IPSec seq numbers ... To see if they are arriving in order during this condition.

Sent from Cisco Technical Support iPhone App

Brian Holmes
Verizon

after rattling my brain I opened a TAC with Cisco. The problem happened to be a known bug with the version of software I was running. Uploaded the new software and the problem was solved. thank you all for your responses in this matter.

ccnpwannabe
Level 1
Level 1

Kindly tell us what version had the bug and what ios did u replace it with

Sent from Cisco Technical Support iPhone App