[c-nsp] C837 - VPN Tunnel Issue
Raymond Ho
raymond_hwj at hotmail.com
Sat Apr 30 17:02:10 EDT 2005
Hi,
I was wondering if anyone has faced the issue described below with a VPN tunnel (using a C837 (32M) with 12.2(13)ZH4; please see the error message / config below). Is it a bug?
Apparently, all the interfaces are up and connected but it's unable to forward the packets thru the tunnel though it has been established.
I've tried the same config with another C837 (64M) with 12.3(11)T5 and it's working fine with no error.
I'm only able to make do with a 12.2 for C837(32M) but it isn't working.
Is it possible that it's facing the same issue as the 1700 (BugID CSCdx32291)?
Please advise. Thanks.
--
Regards,
Raymond Ho
*Apr 29 21:06:16.271: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 10.132.149.195 failed its sanity check or is malformed
ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
ROM: C837 Software (C837-K9O3SY6-M), Version 12.2(13)ZH4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
System image file is "flash:c837-k9o3sy6-mz.122-13.ZH4.bin"
CISCO C837 (MPC857DSL) processor (revision 0x400) with 29492K/3276K bytes of memory.
Processor board ID AMB07210UGK (1544770661), with hardware revision 0000
CPU rev number 7
Bridging software.
1 Ethernet/IEEE 802.3 interface(s) <- I've got four interfaces (FE) only one was shown.
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
12288K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)
vpdn-group 1
 request-dialin
  protocol pppoe

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key 2 [aAGacbdEgEcLPYXRE^AAZZ``\Qf address 10.132.149.195

crypto ipsec transform-set dmvpnset ah-sha-hmac

crypto map vpnmap 10 ipsec-isakmp
 set peer 10.132.149.195
 set security-association level per-host
 set transform-set dmvpnset
 match address 120

interface Tunnel2
 bandwidth 3072
 ip address 10.132.96.168 255.255.255.128
 no ip redirects
 ip mtu 1524
 ip nhrp authentication dmvpn2
 ip nhrp map multicast dynamic
 ip nhrp map multicast 10.132.149.195
 ip nhrp map 10.132.96.130 10.132.149.195
 ip nhrp network-id 2
 ip nhrp holdtime 300
 ip nhrp nhs 10.132.96.130
 no ip mroute-cache
 tunnel source Dialer0
 tunnel destination 10.132.149.195
 tunnel key 2
 crypto map vpnmap

interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/16 ilmi
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 bundle-enable
 dsl operating-mode auto

interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username testac at nts_trial password 7 23451E010Z04091932
 crypto map vpnmap