5 Replies Latest reply on Dec 19, 2013 9:34 AM by touristsis

    Crypto Ike Negotion - What does this means

    touristsis Visitor

      Hi,  Can anyone tell me what does this means?  I setup two VPN from Adtran to Zytel router.  This is error I'm getting.  Everything is working fine except these errors.

       

      2013.01.18 22:26:29 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

      2013.01.18 22:26:31 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

      2013.01.18 22:26:34 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

      2013.01.18 22:26:39 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

      2013.01.18 22:26:47 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

      2013.01.18 22:27:00 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

        • Re: Crypto Ike Negotion - What does this means
          levi Employee

          touristsis:

           

          Thank you for asking this question in the support community.  When you get a chance, will you reply with the current configuration (please, remember to remove any sensitive information)?  Also, if you could include the output from the debug crypto ike command, that would be helpful as well.

           

          Please, do not hesitate to reply with any questions or additional information.  I will be happy to help in any way I can.

           

          Levi

            • Re: Crypto Ike Negotion - What does this means
              touristsis Visitor

              Thanks Levi - FYI - The VPN is up and running.  I can't get any audio though, wonder if this is affecting it.  Attached is config file as well.  Thanks much!

               

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION   NOTIFY PAYLOAD

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     DOI: 1

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Size of SPI: 16

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Type of notify message: 36136

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Notify Type: R_U_THERE_REQUEST (3                                                                                                                                                             6136)

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Length of Notification Data: 4

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Notification Data In HEX Follows:                                                                                                                                                            

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION       05 B9 32 AE              ..2.                                                                                                                                                              

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U                                                                                                                                                              THERE (36136)

              2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node                                                                                                                                                              not found in P1 or P2 list  ur

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION peer 24.227.236.238: Received informa                                                                                                                                                             tional exchange message

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION   NOTIFY PAYLOAD

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     DOI: 1

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Size of SPI: 16

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Type of notify message: 36136

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Notify Type: R_U_THERE_REQUEST (3                                                                                                                                                             6136)

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Length of Notification Data: 4

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Notification Data In HEX Follows:                                                                                                                                                            

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION       05 B9 32 AF              ..2.                                                                                                                                                              

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U                                                                                                                                                              THERE (36136)

              2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node                                                                                                                                                              not fou

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION peer 24.227.236.238: Received informa                                                                                                                                                             tional exchange message

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION   NOTIFY PAYLOAD

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     DOI: 1

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Size of SPI: 16

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Type of notify message: 36136

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Notify Type: R_U_THERE_REQUEST (3                                                                                                                                                             6136)

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Length of Notification Data: 4

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Notification Data In HEX Follows:                                                                                                                                                            

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION       05 B9 32 B0              ..2.                                                                                                                                                              

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U                                                                                                                                                              THERE (36136)

              2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node                                                                                                                                                              not found in P1 or P2 list  u all

              Tarantino_Austin#

              2013.01.21 20:59:29 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node  

                • Re: Crypto Ike Negotion - What does this means
                  touristsis Visitor


                  hostname "TEST"
                  enable password ************
                  !
                  clock timezone -6-Central-Time
                  !
                  ip subnet-zero
                  ip classless
                  ip routing
                  ipv6 unicast-routing
                  !
                  !
                  domain-proxy
                  name-server 4.2.2.2
                  !
                  !
                  no auto-config
                  !
                  event-history on
                  no logging forwarding
                  logging forwarding priority-level info
                  no logging email
                  !
                  no service password-encryption
                  !
                  username "admin" password "**********"
                  !
                  banner motd #

                                  ****** Important Banner Message ******

                   

                                  ****** Important Banner Message ******

                  #

                   

                  ip firewall
                  no ip firewall alg msn
                  no ip firewall alg mszone
                  no ip firewall alg h323
                  no ip firewall alg sip
                  !

                  no dot11ap access-point-control

                   

                  ip dhcp excluded-address 192.168.2.0 192.168.2.35
                  ip dhcp excluded-address 192.168.2.255
                  ip dhcp excluded-address 192.168.2.100 192.168.2.120
                  ip dhcp excluded-address 192.168.2.239
                  ip dhcp excluded-address 192.168.2.36 192.168.2.40
                  !
                  ip dhcp pool "Private"
                    network 192.168.2.0 255.255.255.0
                    dns-server 209.18.47.61 209.18.47.62
                    default-router 192.168.2.1
                  !!
                  ip crypto
                  !
                  crypto ike policy 100
                    initiate main
                    respond anymode
                    local-id address 22.22.22.22
                    peer 33.33.33.33
                    attribute 3
                      hash md5
                      authentication pre-share
                      lifetime 86400
                  !
                  crypto ike policy 101
                    initiate main
                    respond anymode
                    local-id address 22.22.22.22
                    peer 44.44.44.44
                    attribute 3
                      hash md5
                      authentication pre-share
                      lifetime 86400
                  !
                  crypto ike remote-id address 33.33.33.33 preshared-key ********* ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
                  crypto ike remote-id address 44.44.44.44 preshared-key ******** ike-policy 101 crypto map VPN 20 no-mode-config no-xauth
                  !
                  crypto ipsec transform-set esp-des-esp-sha-hmac esp-des esp-sha-hmac
                    mode tunnel
                  !
                  crypto map VPN 10 ipsec-ike
                    description San Antonio
                    match address VPN-10-vpn-selectors
                    set peer 33.33.33.33
                    set transform-set esp-des-esp-sha-hmac
                    set security-association lifetime seconds 86400
                    ike-policy 100
                  crypto map VPN 20 ipsec-ike
                    description Houston
                    match address VPN-20-vpn-selectors
                    set peer 44.44.44.44
                    set transform-set esp-des-esp-sha-hmac
                    set security-association lifetime seconds 86400
                    ike-policy 101
                  !
                  qos map "VOIP DSCP" 10
                    match ip list VOIPTAGDSCP
                    set dscp 46
                  !
                  qos map VOIPOUT 10
                    match dscp 46 26
                    priority unlimited

                   

                  vlan 1
                    name "Default"

                   

                  no ethernet cfm
                  !
                  interface eth 0/1
                    ip address  24.xx.xx.xx  255.255.255.252
                    ip mtu 1500
                    ip access-policy Public
                    crypto map VPN
                    no rtp quality-monitoring
                    media-gateway ip primary
                    traffic-shape rate 1200000
                    qos-policy out VOIPOUT
                    no shutdown
                  !
                  !
                  interface eth 0/2
                    no ip address
                    shutdown

                   

                  interface switchport 0/1
                    no shutdown
                  !
                  interface switchport 0/2
                    no shutdown
                  !
                  interface switchport 0/3
                    no shutdown
                  !
                  interface switchport 0/4
                    no shutdown
                  !
                  interface switchport 0/5
                    no shutdown
                  !
                  interface switchport 0/6
                    no shutdown
                  !
                  interface switchport 0/7
                    no shutdown
                  !
                  interface switchport 0/8
                    no shutdown
                  !

                   

                  interface vlan 1
                    ip address  192.168.2.1  255.255.255.0
                    ip access-policy Private
                    media-gateway ip primary
                    qos-policy in "VOIP DSCP"
                    no shutdown
                  !

                   

                  !
                  ip access-list standard wizard-ics
                    remark Internet Connection Sharing
                    permit any

                   

                  ip access-list extended self
                    remark Traffic to NetVanta
                    permit ip any  any     log
                  !
                  ip access-list extended VOIPTAGDSCP
                    permit udp any range 1024 1088 any   
                    permit udp any eq 5060 any   
                  !
                  ip access-list extended VPN-10-vpn-selectors
                    permit ip 192.168.2.0 0.0.0.255  192.168.3.0 0.0.0.255   
                  !
                  ip access-list extended VPN-20-vpn-selectors
                    permit ip 192.168.2.0 0.0.0.255  192.168.1.0 0.0.0.255   
                  !
                  ip access-list extended web-acl-4
                    remark NECDSX
                    permit tcp any  any eq 8000   log
                  !
                  ip access-list extended web-acl-8
                    remark voip sa austin
                    permit ip 192.168.2.0 0.0.0.255  192.168.3.0 0.0.0.255   
                  !
                  ip access-list extended wizard-remote-access
                    remark do not hand edit this ACL
                    permit tcp any  any eq www   log
                    permit tcp any  any eq ssh   log
                    permit tcp any  any eq https   log
                  !

                   

                  ip policy-class Private
                    allow list VPN-20-vpn-selectors stateless
                    allow list VPN-10-vpn-selectors stateless
                    allow list self self
                    allow list web-acl-8 policy Private stateless
                    nat source list wizard-ics interface eth 0/1 overload
                  !
                  ip policy-class Public
                    allow reverse list VPN-20-vpn-selectors stateless
                    allow reverse list VPN-10-vpn-selectors stateless
                    allow list wizard-remote-access self
                    nat destination list web-acl-4 address 192.168.2.239
                  !

                   

                  ip route 0.0.0.0 0.0.0.0 24.153.xx.xx
                  !
                  no tftp server
                  no tftp server overwrite
                  http server
                  http secure-server
                  no snmp agent
                  no ip ftp server
                  ip ftp server default-filesystem flash
                  no ip scp server
                  no ip sntp server
                  !
                  !

                   

                  ip sip
                  ip sip udp 5060
                  ip sip udp 5080
                  ip sip udp 5092
                  ip sip tcp 5060
                  !

                  • Re: Crypto Ike Negotion - What does this means
                    levi Employee

                    touristsis:

                     

                    Sometimes if there is no audio traversing a VPN, it is because the RTP/media stream uses IP addresses that are not in the VPN selectors.  Can you confirm that the RTP/media stream for the audio is using the same ACL as the rest of the VPN traffic?

                     

                    Levi