3 Replies Latest reply on Jan 7, 2014 9:41 AM by noor

    1335 vpn to Cisco 1941

    brian_ctl New Member


      trying to establish a vpn tunnel with gre to a Cisco.

      configs look good but the vpn will not establish.

      1335 R10.5.3

      event output:

      2013.11.01 07:44:06 CRYPTO_IKE.NEGOTIATION IkeCheckHeader : Invalid payload type 48

      2013.11.01 07:44:06 CRYPTO_IKE.NEGOTIATION IkeMMProcessIDMsg : IkeCheckPayloads failed

      2013.11.01 07:44:06 CRYPTO_IKE.NEGOTIATION IkeIDWaitProcess : IkeMMProcessIDMsg failed

      2013.11.01 07:44:06 CRYPTO_IKE.NEGOTIATION IkeProcessData : IkeIDWaitProcess failed

       

      debug crypto ike

      see attached:

      2013.11.01 07:48:50 CRYPTO_IKE.NEGOTIATION IKEInVendorIDProcess :: Received Vendor ID not registered with IKE

      2013.11.01 07:48:50 CRYPTO_IKE.NEGOTIATION IkeInVIDProcess :: IKEInVendorIDProcess failed

      2013.11.01 07:48:50 CRYPTO_IKE.NEGOTIATION IKEInVendorIDProcess :: Received Vendor ID not registered with IKE

      2013.11.01 07:48:50 CRYPTO_IKE.NEGOTIATION IkeInVIDProcess :: IKEInVendorIDProcess failed

      2013.11.01 07:48:50 CRYPTO_IKE.NEGOTIATION IKEInVendorIDProcess :: Received Vendor ID not registered with IKE

      2013.11.01 07:48:50 CRYPTO_IKE.NEGOTIATION IkeInVIDProcess :: IKEInVendorIDProcess failed

        • Re: 1335 vpn to Cisco 891
          levi Employee

          brian_ctl:

           

          Thank you for asking this question in the support community.  Thank you for including the output from the debug crypto ike command on the ADTRAN.  Based on that debug, it appears the Cisco is not sending the sixth message of main mode.  I would either check the Cisco's local-id statement or preshared password.  Also, the Configuring a VPN using Main Mode in AOS has an extensive troubleshooting section, that led to my suggestions. 

           

          I hope that makes sense, but please do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

           

          Levi

          • Re: 1335 vpn to Cisco 891
            brian_ctl New Member

            I did end up opening a case and and it ended up being a typo on pre-shared key.

            See attached configs.

              • Re: 1335 vpn to Cisco 891
                Employee

                brian_ctl -

                I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                 

                Thanks,

                Noor