
Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

Aug 23 11:01:32 :103063: <3616> <DBUG> |ike| IKE2_updateSadb retransmit exchange timenow:37099441 Exch-timestamp:37094365 retrans:3800
Aug 23 11:01:32 :103063: <3616> <DBUG> |ike| spi={38ac713bcd9575d9 0000000000000000} np=SA
Aug 23 11:01:32 :103063: <3616> <DBUG> |ike| exchange=IKE_SA_INIT msgid=0 len=316
Aug 23 11:01:32 :103063: <3616> <DBUG> |ike| SEND 316 bytes to xx.xxx.xxx.xxx(500) (37099.442)
Aug 23 11:01:38 :103063: <3616> <DBUG> |ike| IKE2_updateSadb retransmit exchange timenow:37105441 Exch-timestamp:37099442 retrans:3800
Aug 23 11:01:38 :103063: <3616> <DBUG> |ike| spi={38ac713bcd9575d9 0000000000000000} np=SA
Aug 23 11:01:38 :103063: <3616> <DBUG> |ike| exchange=IKE_SA_INIT msgid=0 len=316
Aug 23 11:01:38 :103063: <3616> <DBUG> |ike| SEND 316 bytes to xx.xxx.xxx.xxx(500) (37105.442)
Aug 23 11:01:44 :103063: <3616> <DBUG> |ike| IKE2_updateSadb retransmit exchange timenow:37111442 Exch-timestamp:37105442 retrans:3800
Aug 23 11:01:44 :103063: <3616> <DBUG> |ike| spi={38ac713bcd9575d9 0000000000000000} np=SA
Aug 23 11:01:44 :103063: <3616> <DBUG> |ike| exchange=IKE_SA_INIT msgid=0 len=316
Aug 23 11:01:44 :103063: <3616> <DBUG> |ike| SEND 316 bytes to xx.xxx.xxx.xxx(500) (37111.442)
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| ->Delete AGGRESSIVE Exchange ic 09a5947359c46780 rc 0000000000000000
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| modp_free entered
Aug 23 11:01:47 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_done:2931 Ipsec map default-local-master-ipsecmap is marked negotiation-done
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| sa_release-> SA ph:1 ref:0 flags:10000 ic 09a5947359c46780 rc 0000000000000000
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE_checkExpSa pxSa:0x8cd744 error:-8949 flags:1090519045
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE2_updateSadb SA Expired
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE2_delSa sa:0x8cd744 peer:xx.xxx.xxx.xxx:500 id:2727565188 err:-90036 saflags:41000005 arflags:20
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE2_delSa before IKE2_delXchg
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| CHILD_SA [v2 I
Aug 23 11:01:47 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_done:2931 Ipsec map Versremotesite is marked negotiation-done
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKEresetEventsByMap: reset event id:0 for map Versremotesite
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| , status = -8949
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE_delIPsecSa: Removing SPI 0xd1461300 from SPI hash table
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| ipsec_spi_hash_tbl_entry_remove: Successfully removed IPSEC spi 0xd1461300 from SPI hash table
Aug 23 11:01:47 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_done:2931 Ipsec map Versremotesite is marked negotiation-done
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE_SA [v2 I
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| , status = -8949
Aug 23 11:01:47 :103063: <3616> <DBUG> |ike| IKE_deleteHW_state cookies:c20c10aa:1f4

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

With IKE v1:

Aug 23 11:10:53 :103063: <3616> <DBUG> |ike| sa_release: Removing spi 0x68d8ee00 from spi hash table
Aug 23 11:10:53 :103063: <3616> <DBUG> |ike| ipsec_spi_hash_tbl_entry_remove: Successfully removed IPSEC spi 0x68d8ee00 from SPI hash table
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map Versremotesite v:1
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:523 ipsec_map peer IP:xxx.xxx.xxx.xxx SA IP:xxx.xxx.xxx.xxx map_name Versremotesite
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:537 p2-exchange-name:Versremotesite map_name Versremotesite
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:877 Group 2 descriptor for PFS
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| ipsec_spi_hash_tbl_entry_add: adding IPSEC spi 0xbae8400 to SPI hash table
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| ipsec_spi_hash_tbl_entry_add: successfully added IPSEC spi 0xbae8400 to SPI hash table
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| group_get entered id:2
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| group_get ike_group:0x575198
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| modp_init entered
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| group_get group:0x79547c
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| modp_create_exchange: entered
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:1125 id_type local_id=c0a80a00 remote_id ac120a00 for map-name Versremotesite
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_inprog:2916 Ipsec map Versremotesite is marked negotiation-inprogress
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map Versremotesite v:1
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:523 ipsec_map peer IP:xxx.xxx.xxx.xxx SA IP:xxx.xxx.xxx.xxx map_name Versremotesite
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:537 p2-exchange-name:xxx.xxx.xxx.xxx map_name Versremotesite
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map default-local-master-ipsecmap v:1
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:523 ipsec_map peer IP:xxx.xxx.xxx.xxx SA IP:xxx.xxx.xxx.xxx map_name default-local-master-ipsecmap
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:537 p2-exchange-name:xxx.xxx.xxx.xxx map_name default-local-master-ipsecmap
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map default-rap-ipsecmap v:2
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map GLOBAL-IKEV2-MAP v:2
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map default-ikev2-dynamicmap v:2
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map GLOBAL-MAP v:1
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| initiator_send_HASH_SA_NONCE map default-dynamicmap v:1
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:523 ipsec_map peer IP:0.0.0.0 SA IP:xxx.xxx.xxx.xxx map_name default-dynamicmap
Aug 23 11:10:54 :103060: <3616> <DBUG> |ike| ike_quick_mode.c:initiator_send_HASH_SA_NONCE:951 Couldn't find map for this peer
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| exchange_run: doi->initiator (0x8ec4cc) failed retval:-1
Aug 23 11:10:54 :103063: <3616> <DBUG> |ike| xxx.xxx.xxx.xxx:4500-> ->Delete INFO Exchange ic c39a0c89f998b7cf rc 86c0f7f755ff8f7c

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

So I guess my main issue is:

Dropping IKE message drop from xx.xxx.xxx.xxx 4500 due to notification type:INVALID_MESSAGE_ID

Do you have any idea?

Guru Elite

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

I honestly have never tried to connect it to that type of device so I am just guessing.  Does the manufacturer have any advice about what setups it would work with?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

Not really... just some global information...

But I've looked online and the error INVALID_MESSAGE_ID could be a wrong peer ID.

In my case it could be that the Checkpoint is waiting for the external IP (WAN IP) but the Aruba sends the local 192.x.x.x and causes an invalid ID.

What do you think about it? Do you have any idea how I can be sure that the Aruba sends the correct IP as peer ID?

Guru Elite

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

On the Checkpoint, can you see an error message? Can you tell what IP address it is coming from? Does the connection require a preshared key?



Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

I saw nothing, just some information related to the "aggressive mode".

I've tried to disable it, but the same.

The show datapath session | i 4500 shows me both external IP addresses.

Yes, we are using a pre-shared key.

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

Joseph,

If you check the log below, normally the bold IP should be the external instead of the local as below, no?


if.c:GetIPAddrByVlanId:216 vlan 0 ip 192.168.10.2
Aug 23 14:54:33 :103060: <3616> <DBUG> |ike| ike_phase_1.c:ike_phase_1_send_ID:1837 with SwitchIP 192.168.10.2
Aug 23 14:54:33 :103063: <3616> <DBUG> |ike| ike_phase_1_send_ID WAN-IP-Address
Aug 23 14:54:33 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_inprog:2916 Ipsec map default-local-master-ipsecmap is marked negotiation-inprogress
Aug 23 14:54:33 :103063: <3616> <DBUG> |ike| WAN-IP-Address:4500-> message_recv: invalid message id
Aug 23 14:54:33 :103054: <3616> <INFO> |ike| Dropping IKE message drop from WAN-IP-Address 4500 due to notification type:INVALID_MESSAGE_ID
Aug 23 14:54:53 :103063: <3616> <DBUG> |ike| ->Delete AGGRESSIVE Exchange ic 54f36b40fc568b3c rc 0000000000000000
Aug 23 14:54:53 :103063: <3616> <DBUG> |ike| modp_free entered
Aug 23 14:54:53 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_done:2931 Ipsec map default-local-master-ipsecmap is marked negotiation-done
Aug 23 14:54:53 :103063: <3616> <DBUG> |ike| sa_release-> SA ph:1 ref:0 flags:10000 ic 54f36b40fc568b3c rc 0000000000000000
Aug 23 14:54:54 :103060: <3616> <DBUG> |ike| if.c:GetIPAddrByVlanId:216 vlan 0 ip 192.168.10.2
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| New(1) AGGRESSIVE Exchange ic a6536b01e6864de2 rc 0000000000000000
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 18) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA policy:10001 enc:5 hmac:2 auth:1 group:2
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10004) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10006) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10007) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10008) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10009) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10012) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| group_get entered id:2
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| group_get ike_group:0x575198
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| modp_init entered
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| group_get group:0x79a304
Aug 23 14:54:54 :103060: <3616> <DBUG> |ike| ike_phase_1.c:ike_phase_1_initiator_send_SA:428 peer:WAN-IP-Address
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| Adding ipcomp vendor id payload
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| Adding mac addr of the controller
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| modp_create_exchange: entered
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_send_KE_NONCE WAN-IP-Address
Aug 23 14:54:54 :103060: <3616> <DBUG> |ike| if.c:GetIPAddrByVlanId:216 vlan 0 ip 192.168.10.2
Aug 23 14:54:54 :103060: <3616> <DBUG> |ike| ike_phase_1.c:ike_phase_1_send_ID:1837 with SwitchIP 192.168.10.2
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_send_ID WAN-IP-Address
Aug 23 14:54:54 :103060: <3616> <DBUG> |ike| exchange.c:exchange_negotiation_state_inprog:2916 Ipsec map default-local-master-ipsecmap is marked negotiation-inprogress
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| WAN-IP-Address:4500-> message_recv: invalid message id
Aug 23 14:54:54 :103054: <3616> <INFO> |ike| Dropping IKE message drop from WAN-IP-Address 4500 due to notification type:INVALID_MESSAGE_ID

Guru Elite

Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

It looks like none of your policies match the checkpoint's policies:

 

Aug 23 14:54:54 :103060: <3616> <DBUG> |ike| if.c:GetIPAddrByVlanId:216 vlan 0 ip 192.168.10.2
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| New(1) AGGRESSIVE Exchange ic a6536b01e6864de2 rc 0000000000000000
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 18) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA policy:10001 enc:5 hmac:2 auth:1 group:2
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10004) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10006) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10007) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10008) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10009) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 10012) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| group_get entered id:2

 

I would contact Checkpoint to ask what the policies on the other side should look like...



Re: Failed to initiate Site-Site VPN for map:XXXXXbecause of missing isakmp policies

I guess we did a little jump....

Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> group_get ike_group:0x575198
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> modp_init entered
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> group_get group:0x7a918c
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> modp_create_exchange: entered
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_traversal.c:nat_t_generate_nat_d_hash:267 IP WAN-IP-Address Port 500
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_traversal.c:nat_t_generate_nat_d_hash:267 IP 192.168.10.2 Port 500
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_traversal.c:nat_t_exchange_add_nat_d:377 NAT-T added hashes for src=192.168.10.2:500, dst=WAN-IP-Address:500
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_phase_1_send_KE_NONCE WAN-IP-Address
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_phase_1.c:ike_phase_1_recv_KE_NONCE:1332 Initiator, allowing NAT-T checks.
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_traversal.c:nat_t_generate_nat_d_hash:267 IP 192.168.10.2 Port 500
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_traversal.c:nat_t_generate_nat_d_hash:267 IP WAN-IP-Address Port 500
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_t_exchange_check_nat_d enable NATT
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> nat_traversal.c:nat_t_exchange_check_nat_d:535 NAT detected, this switch is behind a NAT device
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> GetFirstMatchIsakmpPSK: entering
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> mask FFFFFFFF, ip C20C10AA, key_ip C20C10AA
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_auth.c:ike_auth_get_key:603 Found isakmp policy for peer WAN-IP-Address client:no
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_phase_1_post_exchange_KE_NONCE IV len:16
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_phase_1_post_exchange_KE_NONCE done WAN-IP-Address g_x_len:128 skeyid_len:20
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_phase_1_send_ID WAN-IP-Address
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_auth_hash
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> ike_phase_1_send_AUTH
Aug 24 07:16:18 :103063: <3617> <DBUG> |ike| 192.168.10.1:4500-> message_parse_payloads: invalid next payload type <Unknown 95> in payload of type 5
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| 192.168.10.1:4500-> message.c:message_drop:2886 Message drop from 192.168.10.1 port 4500 due to notification type INVALID_PAYLOAD_TYPE
Aug 24 07:16:18 :103053: <3617> <INFO> |ike| Drop message from WAN-IP-Address due to invalid IKE shared-secret
Aug 24 07:16:21 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> message_recv: invalid cookie(s) 91469bddd816b3b3 575499fd899d2317
Aug 24 07:16:21 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> message.c:message_drop:2886 Message drop from WAN-IP-Address port 500 due to notification type INVALID_COOKIE
Aug 24 07:16:25 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> message_recv: invalid cookie(s) 91469bddd816b3b3 575499fd899d2317
Aug 24 07:16:25 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> message.c:message_drop:2886 Message drop from WAN-IP-Address port 500 due to notification type INVALID_COOKIE
Aug 24 07:16:29 :103063: <3617> <DBUG> |ike| WAN-IP-Address:500-> message_recv: invalid cookie(s) 91469bddd816b3b3 575499fd899d2317
Aug 24 07:16:29 :103060: <3617> <DBUG> |ike| WAN-IP-Address:500-> message.c:message_drop:2886 Message drop from WAN-IP-Address port 500 due to notification type INVALID_COOKIE

 

I did twice to fill out the pre-shared key.... the same on both sites
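
A small triage script for debug output like the logs pasted in this thread, showing at which stage each negotiation attempt stalled. This is an added example, not code from any poster or from Aruba; the regular expressions are inferred from the log lines shown above, and the sample lines are constructed, with 203.0.113.10 standing in for the redacted peer.

```python
import re
from collections import Counter
# Constructed sample shaped like the thread's logs; 203.0.113.10 replaces the redacted peer.
SAMPLE = """\
Aug 23 11:01:32 :103063: <3616> <DBUG> |ike| spi={38ac713bcd9575d9 0000000000000000} np=SA
Aug 23 11:01:38 :103063: <3616> <DBUG> |ike| spi={38ac713bcd9575d9 0000000000000000} np=SA
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA matching IKE policy version is not v1 or policy (priority = 18) is disabled
Aug 23 14:54:54 :103063: <3616> <DBUG> |ike| ike_phase_1_initiator_send_SA policy:10001 enc:5 hmac:2 auth:1 group:2
Aug 23 14:54:54 :103054: <3616> <INFO> |ike| Dropping IKE message drop from 203.0.113.10 4500 due to notification type:INVALID_MESSAGE_ID
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| 203.0.113.10:500-> nat_traversal.c:nat_t_exchange_check_nat_d:535 NAT detected, this switch is behind a NAT device
Aug 24 07:16:18 :103060: <3617> <DBUG> |ike| 192.168.10.1:4500-> message.c:message_drop:2886 Message drop from 192.168.10.1 port 4500 due to notification type INVALID_PAYLOAD_TYPE
Aug 24 07:16:18 :103053: <3617> <INFO> |ike| Drop message from 203.0.113.10 due to invalid IKE shared-secret
Aug 24 07:16:21 :103060: <3617> <DBUG> |ike| 203.0.113.10:500-> message.c:message_drop:2886 Message drop from 203.0.113.10 port 500 due to notification type INVALID_COOKIE
Aug 24 07:16:25 :103060: <3617> <DBUG> |ike| 203.0.113.10:500-> message.c:message_drop:2886 Message drop from 203.0.113.10 port 500 due to notification type INVALID_COOKIE
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} :\d+: <\d+> <\w+> \|ike\| (.*)$")
PROPOSAL = re.compile(r"send_SA policy:(\d+) enc:(\d+) hmac:(\d+) auth:(\d+) group:(\d+)")
SKIPPED = re.compile(r"policy \(priority = (\d+)\) is disabled")
SPI = re.compile(r"spi=\{([0-9a-f]{16}) ([0-9a-f]{16})\}")
DROP = re.compile(r"[Dd]rop from (\S+) (?:port )?(\d+) due to notification type[: ](\w+)")

def triage(text):
    """Collect proposals, skipped policies, unanswered sends and drop reasons."""
    out = {"offered": [], "skipped": [], "unanswered": Counter(),
           "drops": Counter(), "nat": False, "psk_rejected": False}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without the syslog prefix (truncated pastes) are skipped
        msg = m.group(1)
        if (p := PROPOSAL.search(msg)):
            keys = ("policy", "enc", "hmac", "auth", "group")
            out["offered"].append(dict(zip(keys, map(int, p.groups()))))
        elif (s := SKIPPED.search(msg)):
            out["skipped"].append(int(s.group(1)))
        elif (s := SPI.search(msg)) and set(s.group(2)) == {"0"}:
            out["unanswered"][s.group(1)] += 1  # responder SPI still all zero
        elif (d := DROP.search(msg)):
            out["drops"][(d.group(1), int(d.group(2)), d.group(3))] += 1
        elif "NAT detected" in msg:
            out["nat"] = True
        elif "invalid IKE shared-secret" in msg:
            out["psk_rejected"] = True
    return out

def findings(summary):
    # Ordered observations; raw enc/hmac/auth/group numbers are reported, not decoded.
    notes = [f"{len(summary['offered'])} proposal(s) offered, "
             f"{len(summary['skipped'])} policy entries skipped"]
    for spi, n in summary["unanswered"].items():
        if n > 1:
            notes.append(f"initiator SPI {spi}: {n} sends, responder SPI still zero")
    for (peer, port, kind), n in sorted(summary["drops"].items()):
        notes.append(f"{n}x {kind} from {peer}:{port}")
    if summary["nat"]:
        notes.append("NAT detected: this device is behind a NAT")
    if summary["psk_rejected"]:
        notes.append("log reports invalid IKE shared-secret")
    return notes

if __name__ == "__main__": print("\n".join(findings(triage(SAMPLE))))
```
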

 

 
