Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

3002 HW client to 3000 concentrator IKE issue

Status
Not open for further replies.
drumrb0y

drumrb0y

Technical User
Jul 12, 2004
2
US
I know this can't be a difficult problem, but this is a first-time set up for me; I've been setting up multiple IPsec connections from 1710 routers to our 3000 Concentrator and this is the only 3002 hardware client of the lot. I'm getting a phase I error trying to establish a tunnel in client mode; this is the log:

137 07/08/2004 13:22:38.890 SEV=7 IPSECDBG/14 RPT=6
Sending KEY_ACQUIRE to IKE for src ##.##.##.##, dst ##.##.##.##

138 07/08/2004 13:22:38.890 SEV=8 IKEDBG/0 RPT=16
pitcher: received a key acquire message!

139 07/08/2004 13:22:38.890 SEV=4 IKE/41 RPT=12 ##.##.##.##
IKE Initiator: New Phase 1, Intf 12, IKE Peer ##.##.##.##
local Proxy Address ##.##.##.##, remote Proxy Address ##.##.##.##,
SA (ESP-3DES-MD5)

142 07/08/2004 13:22:38.890 SEV=5 IP/45 RPT=9
Client transmitting TCP SYN pkt to device ##.##.##.## on TCP src port #####, dst port 10000

144 07/08/2004 13:22:58.890 SEV=7 IKEDBG/65 RPT=6 ##.##.##.##
IKE AM Initiator FSM error history (struct &0xed2960)
<state>, <event>:
AM_DONE, EV_ERROR_CONT
AM_DONE, EV_ERROR
AM_CTCP_WAIT_REPLY, EV_CTCP_LINK_FAIL
AM_CTCP_WAIT_REPLY, EV_TIMEOUT

149 07/08/2004 13:22:58.890 SEV=9 IKEDBG/0 RPT=17 ##.##.##.##
IKE SA AM:6cf0d0d5 terminating:
flags 0x01000021, refcnt 0, tuncnt 0

150 07/08/2004 13:22:58.890 SEV=9 IKEDBG/0 RPT=18
sending delete/delete with reason message

151 07/08/2004 13:22:58.890 SEV=5 IP/36 RPT=9
Client fails to connect to headend device ##.##.##.## on TCP port 10000.

I haven't been able to locate any documentation that breaks down this error string to where I can correct the config - any takers?

Thanks,
Marc
 
Sort by date Sort by votes
I am receiving a simial error but I am conecting Checkpoint NG to Cisco 3005. If I get anywhere with this debug output I will update this thread.

Glad to see I am not the only one!
 
Upvote 0 Downvote
I wound up wiping the config back to factory spec, deleting the concentrator entry and rebuilding a new one from scratch, and re-configuring from the beginning on the hardware client...but in the end, it worked!

We have a Netopia DSL modem in front of the client in bridge mode, but once that is set up, you might want to make sure your DNS and DHCP is set up well - I had the most trouble figuring that out and making sure it wasn't the issue.

Good luck!
Marc
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
705
sircles
sircles
F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
1K
iggsterman
iggsterman
Randy_F
  • Locked
  • Question
Need to connect to a VPN on startup... how to run a script that will automatically reconnect
Replies
0
Views
563
Randy_F
Randy_F
SYSUSER2015
  • Locked
  • Question
VPN issue
Replies
0
Views
241
SYSUSER2015
SYSUSER2015

Part and Inventory Search

Sponsor

Back
Top