Re: *Mar 1 01:38:13.295: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE from Farrukh Haroon on 2010-07-05 (Ccielab archives 07/2010)

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Mon, 5 Jul 2010 23:19:13 +0300

This message does not always imply an error, sometimes its just because of
sessions being cleared/timeout etc. AFAIR.

Try to find more meaningful debug messages in case your VPN is not working
or not behaving as it should (e.g. frequently timing out).

Regards

Farrukh

On Mon, Jul 5, 2010 at 7:34 PM, Taufik Kurniawan <ktaufik_at_gmail.com> wrote:

> Can anybody help why ?
>
>
> R4
>
> crypto isakmp policy 1
> encr 3des
> authentication pre-share
> group 2
> !
> crypto isakmp policy 2
> encr aes 256
> authentication pre-share
> group 5
> crypto isakmp key keynya address 20.0.0.5 255.255.255.0
> crypto isakmp key kuncikunci address 20.0.0.6 255.255.255.0
> !
> !
> crypto ipsec transform-set transetnya esp-3des esp-sha-hmac
> crypto ipsec transform-set transet3 esp-aes 256 esp-sha-hmac
> !
> crypto ipsec profile profile3
> set transform-set transet3
> !
> crypto ipsec profile profilenya
> set transform-set transetnya
> !
> interface Loopback0
> ip address 202.155.40.1 255.255.255.0
> !
> interface Tunnel45
> ip address 202.155.0.9 255.255.255.252
> tunnel source FastEthernet0/0
> tunnel destination 20.0.0.5
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profilenya
> !
> interface Tunnel46
> ip address 202.155.0.13 255.255.255.252
> tunnel source FastEthernet0/0
> tunnel destination 20.0.0.6
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profile3
> !
> interface FastEthernet0/0
> ip address 20.0.0.4 255.255.255.0
> duplex auto
> speed auto
> !
>
>
> R5
> crypto isakmp policy 1
> encr 3des
> authentication pre-share
> group 2
> crypto isakmp key keynya address 20.0.0.4 255.255.255.0
> !
> !
> crypto ipsec transform-set transetnya esp-3des esp-sha-hmac
> !
> crypto ipsec profile profilenya
> set transform-set transetnya
> !
> !
> !
> !
> !
> !
> !
> !
> interface Loopback0
> ip address 202.155.50.1 255.255.255.0
> !
> interface Tunnel0
> ip address 202.155.0.10 255.255.255.252
> tunnel source FastEthernet0
> tunnel destination 20.0.0.4
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profilenya
> !
>
> R6
>
> !
> crypto isakmp policy 2
> encr aes 256
> authentication pre-share
> group 5
> crypto isakmp key kuncikunci address 20.0.0.4 255.255.255.0
> !
> !
> crypto ipsec transform-set transet3 esp-aes 256 esp-sha-hmac
> !
> crypto ipsec profile profile3
> set transform-set transet3
> !
> !
> !
> !
> !
> !
> !
> !
> interface Tunnel0
> ip address 202.155.0.14 255.255.255.252
> tunnel source FastEthernet0
> tunnel destination 20.0.0.4
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile profile3
> !
> interface Ethernet0
> no ip address
> shutdown
> half-duplex
> !
> interface FastEthernet0
> ip address 20.0.0.6 255.255.255.0
> speed auto
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Jul 05 2010 - 23:19:13 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART