cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
983
Views
50
Helpful
8
Replies
Highlighted
Participant

Why IPSec is working one day ?

Hi all,

I would like to ask about Gre over IPsec Tunnel.I got the IPsec is working in one day issue.it is so strange for me.

If i create new tunnel and initiate each other and work properly.But next day ( arroung 15 hours) tunnel is down and never come up.it is always show Phase one problem.it is always show phase 1 problem.But i confuse why this error didn't show when i deployed.This error show in next day and tunnel is never come up later.

i always see as below error this error mean phaes 1 error ,correct ?

I am using standalone CA.

The policy's acl or ike profile does not match the flow

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

As it is using RSA KEY and I found below error messages:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!

View solution in original post

8 REPLIES 8
Highlighted
VIP Advisor

post debug crypto isa from both sides.
Highlighted
VIP Advocate

Hi,

We need complete debug output and configuration to understand the better. 

 

There are some misleading details in the questions as Is it IPSec connection or SSL?

Spoiler
I am using standalone CA.

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Highlighted
Participant

Hi,

Please see below attachment of debugging log.

I saw "Failed to construct certificate request payload " .Let me know it is this issue ?

Highlighted
Participant

Hi,

Please see below attachment of debugging log.

I saw "Failed to construct certificate request payload " .Let me know it is this issue ?

Highlighted

Hi,

As it is using RSA KEY and I found below error messages:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!

View solution in original post

Highlighted

Hi ,
I am using certificate .but do you mean it public key or certificate ? Certificate mean Root cert or router cert ?
Highlighted

HI,
Both certificates.
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Highlighted

Hi,

I solved now. I upgrade the firmware . it is ok .