OT: IKE Phase I Aggressive Mode Problem

From: karim jamali <karim.jamali_at_gmail.com>
Date: Fri, 8 Oct 2010 15:00:51 +0300

Dear Experts,

I am trying to run IKE Phase I in Aggressive mode using ISAKMP Profiles;
however, I am not able to get why it doesn't work. When running the debugs, I
see that it can't run AGGRESSIVE mode and it can't find a PSK or cert
despite the fact that it exists. I would appreciate any input.

crypto isakmp key CISCO hostname Rack1R2.INE.com

crypto isakmp profile AGGRESSIVE
! This profile is incomplete (no match identity statement)
   keyring default
   self-identity fqdn
   initiate mode aggressive
!

crypto ipsec transform-set R1R2 esp-3des esp-md5-hmac
!
crypto map R1R2 isakmp-profile AGGRESSIVE
crypto map R1R2 10 ipsec-isakmp
 set peer 136.1.122.2
 set transform-set R1R2
 match address LO12

interface FastEthernet0/0
 ip address 136.1.121.1 255.255.255.0
 duplex auto
 speed auto
 crypto map R1R2

    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Oct 8 04:54:52.071: ISAKMP:(0): SA request profile is AGGRESSIVE
Oct 8 04:54:52.071: ISAKMP: Created a peer struct for 136.1.122.2, peer
port 500
Oct 8 04:54:52.071: ISAKMP: New peer created peer = 0x83D50508 peer_handle
= 0x80000010
Oct 8 04:54:52.075: ISAKMP: Locking peer struct 0x83D50508, refcount 1 for
isakmp_initiator
Oct 8 04:54:52.075: ISAKMP: local port 500, remote port 500
Oct 8 04:54:52.075: ISAKMP: set new node 0 to QM_IDLE
Oct 8 04:54:52.075: insert sa successfully sa = 83DE56A8
Oct 8 04:54:52.075: ISAKMP:(0):Can not start Aggressive mode, trying Main
mode.
Oct 8 04:54:52.079: ISAKMP:(0): No Cert or pre-shared address key.
Oct 8 04:54:52.079: ISAKMP:(0): construct_initial_message: Can not start
Main mode
Oct 8 04:54:52.079: ISAKMP: Unlocking peer struct 0x83D50508 for
isadb_unlock_peer_delete_sa(), count 0
Oct 8 04:54:52.079: ISAKMP: Deleting peer node by peer_reap for 136.1.122.2:
83D50508
Oct 8 04:54:52.079: ISAKMP:(0):purging SA., sa=83DE56A8, delme=83DE56A8
Oct 8 04:54:52.079: ISAKMP:(0):purging node -1397275558
Oct 8 04:54:52.083: ISAKMP: Error while processing SA request: Failed to
initialize SA
Oct 8 04:54:52.083: ISAKMP: Error while processing KMI message 0, error 2.
Oct 8 04:54:52.083: IPSEC(key_engine): got a queue event with 1 KMI
message(s)

Thanks

Best Regards

-- 
KJ
Received on Fri Oct 08 2010 - 15:00:51 ART
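
An added example, not part of the original post: the debug output above was hard-wrapped in the mail, so the messages "Can not start Main mode" and "Failed to initialize SA" are split across two lines and a line-by-line search misses them. This Python code rejoins the wrapped entries and labels the failure sequence. The log lines are copied from the post; the event labels and function names are this example's own.

```python
import re

# Lines copied from the debug output in the post, mail hard-wraps kept.
DEBUG = """\
Oct 8 04:54:52.071: ISAKMP:(0): SA request profile is AGGRESSIVE
Oct 8 04:54:52.075: ISAKMP:(0):Can not start Aggressive mode, trying Main
mode.
Oct 8 04:54:52.079: ISAKMP:(0): No Cert or pre-shared address key.
Oct 8 04:54:52.079: ISAKMP:(0): construct_initial_message: Can not start
Main mode
Oct 8 04:54:52.083: ISAKMP: Error while processing SA request: Failed to
initialize SA
"""

STAMP = re.compile(r"^(\w{3} +\d+ [\d:.]+): (.*)$")

# Needles are substrings of the messages above; labels are this example's own.
EVENTS = [
    ("SA request profile is", "profile_selected"),
    ("Can not start Aggressive mode", "aggressive_refused"),
    ("No Cert or pre-shared address key", "no_credential_found"),
    ("Can not start Main mode", "main_refused"),
    ("Failed to initialize SA", "sa_failed"),
]

def unwrap(text):
    """Rejoin continuation lines (those without a timestamp) onto their entry."""
    entries = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif entries and line.strip():
            entries[-1][1] += " " + line.strip()
    return [tuple(e) for e in entries]

def classify(entries):
    """Return (timestamp, label) for every entry containing a known message."""
    return [(ts, label) for ts, msg in entries
            for needle, label in EVENTS if needle in msg]

def summarize(text):
    """Order of events plus whether the initiator fell back and then gave up."""
    labels = [label for _, label in classify(unwrap(text))]
    return {"sequence": labels,
            "fell_back_to_main": "aggressive_refused" in labels,
            "sa_failed": "sa_failed" in labels}

if __name__ == "__main__":
    for ts, label in classify(unwrap(DEBUG)):
        print(ts, label)
    print(summarize(DEBUG))
```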
