SOS - isakmp debug output
RobO
Guest
Posted: Thu Dec 16, 2004 6:58 pm    Post subject: SOS - isakmp debug output

Hello all!

Please can you help!
I am currently setting up a site-to-site VPN between an 837 and a
Draytek router.

I appear to be having problems with establishing an SA. I do not have
access to the Draytek but have to rely on other people to configure it
for me.
We have agreed on keys, encryption etc. but the following is the debug isakmp
output I keep getting and no connection is established.
I believe I have tried all combinations but nothing.
My match ACL is as follows:
access-list 111 permit ip LOCAL_NET 0.0.0.255 REMOTE_NET 0.0.0.255
I have a route-map applied denying the same as the above ACL.
Are there specific setups for Draytek that need to be applied to the
Cisco box?
Also the Draytek is on a leased line so it's apparently set to
dial-in/out.

Many thanks in advance.

Rob
----------------------start_debug------------------------
Dec 16 13:45:18.759: ISAKMP: received ke message (1/2)
Dec 16 13:45:18.759: ISAKMP (0:0): no idb in request
Dec 16 13:45:18.759: ISAKMP: local port 500, remote port 500
Dec 16 13:45:18.759: ISAKMP: set new node 0 to QM_IDLE
Dec 16 13:45:18.763: ISAKMP (0:1): constructed NAT-T vendor ID
Dec 16 13:45:18.763: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC,
IKE_SA_REQ_MM
Dec 16 13:45:18.763: ISAKMP (0:1): Old State = IKE_READY New State =
IKE_I_MM1

Dec 16 13:45:18.763: ISAKMP (0:1): beginning Main Mode exchange
Dec 16 13:45:18.763: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_NO_STATE
Dec 16 13:45:18.807: ISAKMP (0:1): received packet from REMOTE_IP dport
500 sport 500 (I) MM_NO_STATE
Dec 16 13:45:18.807: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER,
IKE_MM_EXCH
Dec 16 13:45:18.811: ISAKMP (0:1): Old State = IKE_I_MM1 New State =
IKE_I_MM2

Dec 16 13:45:18.811: ISAKMP (0:1): processing SA payload. message ID =
0
Dec 16 13:45:18.811: ISAKMP (0:1): found peer pre-shared key matching
REMOTE_IP
Dec 16 13:45:18.811: ISAKMP (0:1) local preshared key found
Dec 16 13:45:18.811: ISAKMP (0:1): Checking ISAKMP transform 1 against
priority 1 policy
Dec 16 13:45:18.811: ISAKMP: encryption DES-CBC
Dec 16 13:45:18.811: ISAKMP: hash SHA
Dec 16 13:45:18.811: ISAKMP: default group 2
Dec 16 13:45:18.815: ISAKMP: auth pre-share
Dec 16 13:45:18.815: ISAKMP: life type in seconds
Dec 16 13:45:18.815: ISAKMP: life duration (basic) of 3600
Dec 16 13:45:18.815: ISAKMP (0:1): atts are acceptable. Next payload is
0
Dec 16 13:45:19.035: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
Dec 16 13:45:19.035: ISAKMP (0:1): Old State = IKE_I_MM2 New State =
IKE_I_MM2

Dec 16 13:45:19.039: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_SA_SETUP
Dec 16 13:45:19.039: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
Dec 16 13:45:19.039: ISAKMP (0:1): Old State = IKE_I_MM2 New State =
IKE_I_MM3

Dec 16 13:45:20.367: ISAKMP (0:1): received packet from REMOTE_IP dport
500 sport 500 (I) MM_SA_SETUP
Dec 16 13:45:20.367: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER,
IKE_MM_EXCH
Dec 16 13:45:20.367: ISAKMP (0:1): Old State = IKE_I_MM3 New State =
IKE_I_MM4

Dec 16 13:45:20.371: ISAKMP (0:1): processing KE payload. message ID =
0
Dec 16 13:45:20.647: ISAKMP (0:1): processing NONCE payload. message ID
= 0
Dec 16 13:45:20.647: ISAKMP (0:1): found peer pre-shared key matching
REMOTE_IP
Dec 16 13:45:20.651: ISAKMP (0:1): SKEYID state generated
Dec 16 13:45:20.651: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
Dec 16 13:45:20.651: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
IKE_I_MM4

Dec 16 13:45:20.667: ISAKMP (0:1): Send initial contact
Dec 16 13:45:20.667: ISAKMP (0:1): SA is doing pre-shared key
authentication using id type ID_IPV4_ADDR
Dec 16 13:45:20.667: ISAKMP (1): ID payload
next-payload : 8
type : 1
addr : LOCAL_IP
protocol : 17
port : 0
length : 8
Dec 16 13:45:20.667: ISAKMP (1): Total payload length: 12
Dec 16 13:45:20.671: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:20.671: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
Dec 16 13:45:20.671: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
IKE_I_MM5

Dec 16 13:45:23.703: ISAKMP (0:1): received packet from REMOTE_IP dport
500 sport 500 (I) MM_KEY_EXCH
Dec 16 13:45:23.703: ISAKMP (0:1): phase 1 packet is a duplicate of a
previous packet.
Dec 16 13:45:23.703: ISAKMP (0:1): retransmitting due to retransmit
phase 1
Dec 16 13:45:23.703: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:45:24.203: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:45:24.203: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:45:24.203: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:24.203: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:29.635: ISAKMP (0:1): received packet from REMOTE_IP dport
500 sport 500 (I) MM_KEY_EXCH
Dec 16 13:45:29.635: ISAKMP (0:1): phase 1 packet is a duplicate of a
previous packet.
Dec 16 13:45:29.635: ISAKMP (0:1): retransmitting due to retransmit
phase 1
Dec 16 13:45:29.635: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:45:30.135: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:45:30.135: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:45:30.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:30.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:40.135: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:45:40.135: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:45:40.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:40.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:45:48.755: ISAKMP: received ke message (1/2)
Dec 16 13:45:48.755: ISAKMP: set new node 0 to QM_IDLE
Dec 16 13:45:48.755: ISAKMP (0:1): SA is still budding. Attached new
ipsec request to it.
Dec 16 13:45:50.135: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:45:50.135: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:45:50.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:45:50.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:46:00.135: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:46:00.135: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:46:00.135: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Dec 16 13:46:00.135: ISAKMP (0:1): sending packet to REMOTE_IP my_port
500 peer_port 500 (I) MM_KEY_EXCH
Dec 16 13:46:10.135: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
Dec 16 13:46:10.135: ISAKMP (0:1): peer does not do paranoid
keepalives.

Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by
retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by
retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.135: ISAKMP (0:1): deleting node 148264246 error TRUE
reason "death by retransmission P1"
Dec 16 13:46:10.135: ISAKMP (0:1): deleting node 250228106 error TRUE
reason "death by retransmission P1"
Dec 16 13:46:10.139: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PHASE1_DEL
Dec 16 13:46:10.139: ISAKMP (0:1): Old State = IKE_I_MM5 New State =
IKE_DEST_SA

Dec 16 13:46:18.755: ISAKMP: received ke message (3/1)
Dec 16 13:46:18.755: ISAKMP: ignoring request to send delete notify (no
ISAKMP sa) src LOCAL_IP dst REMOTE_IP for SPI 0x0
------------------------end_debug--------------------------------------
RobO
Guest
Posted: Fri Dec 17, 2004 1:17 am    Post subject: Re: SOS - isakmp debug output

Just in case anybody comes across this and maybe I simply missed out
something really stupid.
I upgraded the IOS to 12.3 and voila all sorted.

Later

Rob
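
A triage helper for `debug crypto isakmp` output like the log in the first post, added here as an example and not part of the original thread. It rejoins the hard-wrapped entries, then reports the last Main Mode state reached, the retransmit count and the SA deletion reason; the function names `unwrap` and `summarize` are hypothetical, and the sample lines are a short excerpt shaped like the posted output.

```python
import re

# Constructed sample: entries shaped like the debug output in the post,
# including the hard wrapping that splits one entry across two lines.
SAMPLE = """\
Dec 16 13:45:18.763: ISAKMP (0:1): Old State = IKE_READY New State =
IKE_I_MM1
Dec 16 13:45:20.671: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
IKE_I_MM5
Dec 16 13:45:24.203: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:45:30.135: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
Dec 16 13:46:10.135: ISAKMP (0:1): deleting SA reason "death by
retransmission P1" state (I) MM_KEY_EXCH (peer REMOTE_IP) input queue 0
Dec 16 13:46:10.139: ISAKMP (0:1): Old State = IKE_I_MM5 New State =
IKE_DEST_SA
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+: ")
STATE = re.compile(r"Old State = (\S+) +New State = (\S+)")
DELETE = re.compile(r'deleting SA reason "([^"]+)" state \(\w\) (\S+)')

def unwrap(text):
    """Rejoin wrapped entries: a line with no timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Report the last Main Mode state reached, retransmit count and teardown reason."""
    states, retransmits, reason, exchange = [], 0, None, None
    for entry in unwrap(text):
        m = STATE.search(entry)
        if m and m.group(1) != m.group(2):  # skip self-transitions (MM2 -> MM2)
            states.append(m.group(2))
        if "incrementing error counter" in entry:
            retransmits += 1
        d = DELETE.search(entry)
        if d and reason is None:  # the router logs the deletion twice
            reason, exchange = d.group(1), d.group(2)
    mm = [s for s in states if re.fullmatch(r"IKE_[IR]_MM\d", s)]
    return {"stalled_at": mm[-1] if mm else None, "retransmits": retransmits,
            "reason": reason, "exchange": exchange}
```

On the sample, `summarize(SAMPLE)` reports `stalled_at` as `IKE_I_MM5` with two counted retransmits and the reason `death by retransmission P1`: the initiator never advanced past `IKE_I_MM5` before the SA was deleted.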