More Cisco VPN questions
#1
Scooby Regular
Thread Starter
Join Date: Jan 2002
Posts: 11,581
Likes: 0
Received 0 Likes
on
0 Posts
I've configured a Cisco router to connect a VPN to another non-Cisco router. They've exchanged keys and ar happy with each others identity etc, however I can't route traffic over the VPN at all and am seeing lots of the following error messages:
00:07:46: %CRYPTO-4-IKMP_NO_SA: IKE message from [peer address] has no SA and is not an initialization offer
I beleive the problem is that the internal ip address range at the remote peer has been incorrectly numbered. They are using live ip addresses that belong to someone else (all hidden so it won't have any other side effects) but I think my router is having routing trouble, even though I've set a route to use the peer as the gateway for that address range.
Am I barking up the wrong tree? Have I missed something really basic?
00:07:46: %CRYPTO-4-IKMP_NO_SA: IKE message from [peer address] has no SA and is not an initialization offer
I beleive the problem is that the internal ip address range at the remote peer has been incorrectly numbered. They are using live ip addresses that belong to someone else (all hidden so it won't have any other side effects) but I think my router is having routing trouble, even though I've set a route to use the peer as the gateway for that address range.
Am I barking up the wrong tree? Have I missed something really basic?
#3
This is something to do with the IKE Security Association which is needed to setup the IPSec tunnel. You may have a configuration error at one end or the other. This is to do with the Keys used to encrypt the data.
Have not played with this in some time so sorry I can not be of any more use.
Si
Have a look at
http://www.cisco.com/warp/public/707/ipsec_debug.html
and the following for some config guides and examples
http://www.cisco.com/warp/public/707/#ipsec
[Edited by SiCotty - 9/25/2002 6:22:29 PM]
Have not played with this in some time so sorry I can not be of any more use.
Si
Have a look at
http://www.cisco.com/warp/public/707/ipsec_debug.html
and the following for some config guides and examples
http://www.cisco.com/warp/public/707/#ipsec
[Edited by SiCotty - 9/25/2002 6:22:29 PM]
#4
Scooby Regular
It looks like the far end doesn't have your information correctly set-up in the SA. You need to associate the far network with the IKE SA so that it knows to use the tunnel correctly. This needs to be done at both ends. Apologies if this is teaching Grandma to suck eggs.....
Jeff
Jeff
Thread
Thread Starter
Forum
Replies
Last Post
Brzoza
Engine Management and ECU Remapping
1
02 October 2015 05:26 PM