1 Reply Latest reply on Jan 15, 2015 9:06 AM by noor

    VPN Setup b/w 2 1335p

    icbfan7 New Member

      I am trying to setup a VPN between two NetVanta 1335p units and am having trouble.  I am referencing the "Configuring a VPN using Main Mode in AOS" document.  I am able to ping between both sites public IPs.  I can start the ping from one site to the other (using "ping 10.10.121.254 source 192.168.2.254 [these are both VLAN interfaces on the 1335p units]) and this is what I get.......I get all the way to the fifth message of main mode.  See below:

       

      2014.12.31 14:42:07 CRYPTO_IKE.NEGOTIATION 100: Sent fifth message of main mode

       

      2014.12.31 14:42:09 CRYPTO_IKE.NEGOTIATION IkeStartNegotiation: Already in proce

      ss of negotiation  *

      2014.12.31 14:42:11 CRYPTO_IKE.NEGOTIATION IkeStartNegotiation: Already in proce

      ss of negotiation  *

      2014.12.31 14:42:12 CRYPTO_IKE.NEGOTIATION IkeRetryTimeOut :: Retrying 1st phase

      ..

      2014.12.31 14:42:13 CRYPTO_IKE.NEGOTIATION IkeStartNegotiation: Already in proce

      ss of negotiation  *

      2014.12.31 14:42:15 CRYPTO_IKE.NEGOTIATION IkeStartNegotiation: Already in proce

      ss of negotiation  **

      Success rate is 0 percent (0/5)

      NorwalkNetvanta#

      2014.12.31 14:42:17 CRYPTO_IKE.NEGOTIATION IkeRetryTimeOut :: Retrying 1st phase

      ..

      2014.12.31 14:42:22 CRYPTO_IKE.NEGOTIATION IkeRetryTimeOut :: Retrying 1st phase

      ..

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: DEL

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION   DELETE PAYLOAD

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION     DOI: 1

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION     Size of the SPI field: 16

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION     Number of SPIs being deleted: 1

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION 100: Sent informational exchange mess

      age

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION

      2014.12.31 14:42:27 CRYPTO_IKE.NEGOTIATION IkeDeleteIsakmpSA :: Deleting any DPD

      Requests queued in isakmpsa

       

      Any thoughts as to what might be giving me this error message.  From what I can tell, I have followed the guide step-by-step, and cannot get it to work.  This type of error message was not in the guide under the Troubleshooting section.  Any help would be greatly appreciated.

        • Re: VPN Setup b/w 2 1335p
          Employee

          Brian,

           

          Thanks for posting your question on the forum!

           

          Usually, if VPN negotiation gets to the 5th message of main mode, then you will want to check whether the IDs are matching up, the preshared keys are matching, or try disabling NAT-T or forcing NAT-T v2.

           

          However, if you could post the debug from both sides, as well as the configurations of both routers as well, we might be better able to narrow down the cause.

           

          Please do not hesitate to let us know if you have any questions.

           

          Thanks,

          Noor