|
Home > Archive > CCIE > May 2003 > Dedicated VPN connection
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Dedicated VPN connection
|
|
| adilux 2003-04-07, 5:14 pm |
| I have a problem with connecting a Cisco1720 Router running version 122-4.T
and a Cisco831 running 122-8.YN
with VPN IPSEC,
i get this error when i
show crypto isakmp
4 23:35:33.488: ISAKMP: received ke message (1/1)
4 23:35:33.488: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.
4 23:35:33.496: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE...
4 23:35:33.496: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1
4 23:35:33.496: ISAKMP (0:1): retransmitting phase 1 MM_NO_STATE
4 23:35:33.496: ISAKMP (0:1): sending packet to 64.65.93.41 (I) MM_NO_STATE
and what is MM_NO_STATE?
any help would be appreciated,
i think this stuff is way too advanced for a CCNA. | |
| darthfeces 2003-04-07, 9:27 pm |
| usually an incompatable isakmp policy or
preshared key ....
make sure your policies match and passwords match. | |
| adilux 2003-04-08, 8:47 pm |
| Oceanit#sh crypto ipsec sa detail
interface: Ethernet0
Crypto map tag: clientmap, local addr. 66.135.224.146
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
current_peer: 64.65.93.41
PERMIT, flags={origin_is_acl,}
#pkts encaps: 683, #pkts encrypt: 683, #pkts digest 683
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
##pkts no sa (send) 3 , #pkts invalid sa (rcv) 0
#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
#pkts invalid prot (recv) 0, #pkts verify failed: 0
#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
##pkts replay failed (rcv): 0
#pkts internal err (send): 0, #pkts internal err (recv) 0
local crypto endpt.: 66.135.224.146, remote crypto endpt.: 64.65.93.41
path mtu 1500, media mtu 1500
current outbound spi: 19BFE341
inbound esp sas:
spi: 0x3FC837CB(1070086091)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 200, flow_id: 1, crypto map: clientmap
sa timing: remaining key lifetime (k/sec): (4608000/1746)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x19BFE341(432005953)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 201, flow_id: 2, crypto map: clientmap
sa timing: remaining key lifetime (k/sec): (4607981/1746)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas: | |
| adilux 2003-04-08, 8:50 pm |
| the new errors i get now is
after i allowed AHP and ESP protocols through but still coming up with error messages in previous post. | |
| dumbut 2003-05-16, 6:30 pm |
| that means it's not working! post your configs man, how would you expect people to know what you have done in those routers? |
|
|
|
|