From: Godswill Oletu (oletu@inbox.lv)
Date: Fri Mar 25 2005 - 13:36:53 GMT-3
Nguyen,
Config of both PIX firewalls will really help. But it looks like I ran into
this problem before, provided all your configurations are rct, issue the
commands below:
#Clear crypto isa sa
#Clear crypto ipse sa
On both pix firewalls.
Thanks.
Godswill Oeltu
----- Original Message -----
From: "NGUYEN Trung" <trung@vnsystem.net>
To: "Cisco certification" <ccielab@groupstudy.com>
Sent: Friday, March 25, 2005 12:07 AM
Subject: Need help on VPN problem
> Hi Group,
> I have the problem of connectivity when i'm trying to configure VPN
> site-to-site on PIX 515e
> The messsages below show "illegal udp len" but i don't really know its
> meaning.
> Anyone know how to make it work ?
>
> TIA.
>
> N.Trung
>
> =========
> pix(config)#sh crypto isakmp sa
> Total : 1
> Embryonic : 0
> dst src state pending created
> 213.113.140.202 200.245.4.11 QM_IDLE 0 0
> pix(config)#
> ISAKMP (0): beginning Quick Mode exchange, M-ID of 1828927440:6d0337d0
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP (0): processing NOTIFY payload 14 protocol 0
> spi 0, message ID = 1398403888
> return status is IKMP_NO_ERR_NO_TRANS
> ISAKMP (0): retransmitting phase 2 (1/0)... mess_id 0x3dca3e9e
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP: illegal udp len
>
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP: illegal udp len
>
> ISAKMP (0): retransmitting phase 2 (0/0)... mess_id 0x6d0337d0
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP: illegal udp len
>
> ISAKMP (0): retransmitting phase 2 (2/0)... mess_id 0x3dca3e9e
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00ISAKMP (0): retransmitting phase 2 (1/1)... mess_id 0x8d825ad2
> ISAKMP (0): beginning Quick Mode exchange, M-ID of -1855015523:916eb59d
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP: illegal udp len
>
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP (0): processing NOTIFY payload 14 protocol 0
> spi 0, message ID = 3921451065
> return status is IKMP_NO_ERR_NO_TRANS
> crypto_isakmp_process_block:src:213.113.140.202, dest:200.245.4.11 spt:500
> dpt:5
> 00
> ISAKMP (0): processing DELETE payload. message ID = 2505911899, spi size =
> 16
> ISAKMP (0): deleting SA: src 200.245.4.11, dst 213.113.140.202
> return status is IKMP_NO_ERR_NO_TRANS
> ISADB: reaper checking SA 0xf52dac, conn_id = 0 DELETE IT!
>
> VPN Peer: ISAKMP: Peer ip:213.113.140.202/500 Ref cnt decremented to:0
> Total
> VPN
> Peers:1
> VPN Peer: ISAKMP: Deleted peer: ip:213.113.140.202/500 Total VPN peers:0
>
> pix(config)# sh crypto isakmp sa
> Total : 0
> Embryonic : 0
> dst src state pending created
> pix(config)#
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-----------------------------------------
Confidentiality Note: This e-mail, and any attachment to it, contains
privileged and confidential information intended only for the use of the
individual(s) or entity named on the e-mail. If the reader of this e-mail
is not the intended recipient, or the employee or agent responsible for
delivering it to the intended recipient, you are hereby notified that
reading it is strictly prohibited. If you have received this e-mail in
error, please immediately return it to the sender and delete it from your
system. Thank You.
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:51 GMT-3