[cisco-nas] ipsec tunnel

Dinesh dineshbs123 at gmail.com
Mon Oct 27 20:00:11 EDT 2008 

Hi,
I am trying to setup a ipsec tunnel(sVTI) between    2  cisco 7604.
The tunnel does not come up , and i see following error message.


CISCO1<-------------->Cisco2
Interface Address :20.0.0.2            20.0.0.1
Loopback address  :30.0.0.2           30.0.0.1

----------------------------------------------------------------------
crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 5
crypto isakmp key 123456789123456 address 0.0.0.0 0.0.0.0 !
!
crypto ipsec transform-set redback ah-md5-hmac !
crypto ipsec profile redback
  set transform-set redback
!
interface Tunnel1
  ip address 91.0.0.1 255.255.255.252
  tunnel source Loopback1
  tunnel destination 30.0.0.1
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile redback !
interface Loopback0
  ip address 11.0.0.4 255.255.255.255
!
interface Loopback1
  ip address 30.0.0.2 255.255.255.255
!
interface FastEthernet4/47
  ip address 20.0.0.2 255.255.255.0
end
----------------------------------------------------------------
1w4d: KMI: IPSEC key engine sending message KEY_ENG_REQUEST_SAS to Crypto
IKMP.
1w4d: KMI: Crypto IKMP received message KEY_ENG_REQUEST_SAS from IPSEC key
engine.
1w4d: ISAKMP:(0): SA request profile is (NULL)
1w4d: ISAKMP: Created a peer struct for 30.0.0.1, peer port 500
1w4d: ISAKMP: New peer created peer = 0x4A109BA4 peer_handle = 0x800008E1
1w4d: ISAKMP: Locking peer struct 0x4A109BA4, refcount 1 for
isakmp_initiator
1w4d: ISAKMP: local port 500, remote port 500
1w4d: ISAKMP: Unable to allocate IKE SA
1w4d: ISAKMP: Unlocking peer struct 0x4A109BA4 for
isadb_unlock_peer_delete_sa(), count 0
1w4d: KMI: Crypto IKMP sending message KEY_MGR_SESSION_CLOSED to IPSEC key
engine.
1w4d: ISAKMP: Deleting peer node by peer_reap for 30.0.0.1: 4A109BA4
1w4d: ISAKMP:(0):purging SA., sa=0, delme=4A1F4FE4
1w4d: ISAKMP: Error while processing SA request: Failed to initialize SA
1w4d: ISAKMP: Error while processing KMI message 0, error 2.
1w4d: KMI: IPSEC key engine received message KEY_MGR_SESSION_CLOSED from
Crypto IKMP.
1w4d: KMI: IPSEC key engine sending message KEY_ENG_REQUEST_SAS to Crypto
IKMP.
-------------------------------------------------------------------------
any suggestion?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-nas/attachments/20081027/f2a40782/attachment.html>

More information about the cisco-nas mailing list