zorgi
Зарегистрирован: 06 апр 2020, 10:00 Сообщения: 2
|
Коллеги приветствую, столкнулся с такой же проблемой на Cisco 2921, при этом конфигурация была рабочей несколько месяцев, и в один прекрасный карантинный день все упало. Перепрошил роутер на свежую прошивку, пробовал различные конфигурации L2tp over Ipsec, ничего не помогает сохраняется ошибка: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list Прочитал также всю данную тему, пробовал и различные варианты указанные в данной теме, буду рад любой помощи. Моя конфигурация l2tp: aaa new-model ! ! aaa authentication login default local aaa authentication ppp default local aaa authorization network default local ! multilink bundle-name authenticated ! vpdn enable ! vpdn-group g-l2tp ! Default L2TP VPDN group accept-dialin protocol l2tp virtual-template 1 no l2tp tunnel authentication ! ! crypto isakmp policy 4 encr 3des authentication pre-share group 2 lifetime 3600 ! crypto isakmp key cisco address 0.0.0.0 ! crypto ipsec transform-set L2TP esp-3des esp-sha-hmac mode transport ! crypto dynamic-map SFC-IPSEC 4 set nat demux set transform-set L2TP reverse-route ! crypto map SFC-IPSEC 4 ipsec-isakmp dynamic SFC-IPSEC ! interface Virtual-Template1 ip unnumbered GigabitEthernet0/0 peer default ip address dhcp-pool vpn_access ppp authentication ms-chap-v2 !
Логи: *Apr 7 08:45:12.639: KMI: IPSEC key engine sending message KEY_ENG_NOTIFY_INCR_COUNT to Crypto IKMP. *Apr 7 08:45:12.639: IPSEC(rte_mgr): VPN Route Event Install new outbound sa: Static keyword or dynamic SA create for 128.68.46.111 *Apr 7 08:45:12.639: ISAKMP: (1093):Received IPSec Install callback... proceeding with the negotiation *Apr 7 08:45:12.639: ISAKMP: (1093):Successfully installed IPSEC SA (SPI:0xC0F8076A) on GigabitEthernet0/0 *Apr 7 08:45:12.639: KMI: Crypto IKMP received message KEY_ENG_NOTIFY_QOS_GROUP from IPSEC key engine. *Apr 7 08:45:12.639: KMI: Crypto IKMP received message KEY_ENG_NOTIFY_INCR_COUNT from IPSEC key engine. *Apr 7 08:45:12.639: ISAKMP-PAK: (1093):sending packet to 128.68.46.111 my_port 4500 peer_port 4500 (R) QM_IDLE *Apr 7 08:45:12.639: ISAKMP: (1093):Sending an IKE IPv4 Packet. *Apr 7 08:45:12.639: ISAKMP: (1093):Node 1, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE *Apr 7 08:45:12.639: ISAKMP: (1093):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2 *Apr 7 08:45:12.643: ISAKMP-PAK: (1093):received packet from 128.68.46.111 dport 4500 sport 4500 Global (R) QM_IDLE *Apr 7 08:45:12.647: KMI: Crypto IKMP sending message KEY_MGR_SA_ENABLE_OUTBOUND to IPSEC key engine. *Apr 7 08:45:12.647: ISAKMP: (1093):deleting node 1 error FALSE reason "QM done (await)" *Apr 7 08:45:12.647: ISAKMP: (1093):Node 1, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Apr 7 08:45:12.647: ISAKMP: (1093):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE *Apr 7 08:45:12.647: IPSEC(key_engine): got a queue event with 1 KMI message(s) *Apr 7 08:45:12.647: KMI: IPSEC key engine received message KEY_MGR_SA_ENABLE_OUTBOUND from Crypto IKMP. *Apr 7 08:45:12.647: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP *Apr 7 08:45:12.647: IPSEC: Expand action denied, notify RP *Apr 7 08:45:12.743: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up *Apr 7 08:45:12.743: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up *Apr 7 08:45:12.787: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down *Apr 7 08:45:12.791: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down *Apr 7 08:45:12.791: ISAKMP-PAK: (1093):received packet from 128.68.46.111 dport 4500 sport 4500 Global (R) QM_IDLE *Apr 7 08:45:12.791: ISAKMP: (1093):set new node 1564495810 to QM_IDLE *Apr 7 08:45:12.791: ISAKMP: (1093):processing HASH payload. message ID = 1564495810 *Apr 7 08:45:12.791: ISAKMP: (1093):processing DELETE payload. message ID = 1564495810 *Apr 7 08:45:12.791: ISAKMP: (1093):peer does not do paranoid keepalives. *Apr 7 08:45:12.791: KMI: Crypto IKMP sending message KEY_MGR_DELETE_SAS to IPSEC key engine. *Apr 7 08:45:12.791: ISAKMP: (1093):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0x688FE5B8) *Apr 7 08:45:12.791: ISAKMP: (1093):deleting node 1564495810 error FALSE reason "Informational (in) state 1" *Apr 7 08:45:12.791: ISAKMP-PAK: (1093):received packet from 128.68.46.111 dport 4500 sport 4500 Global (R) QM_IDLE *Apr 7 08:45:12.791: ISAKMP: (1093):set new node -1054206116 to QM_IDLE *Apr 7 08:45:12.791: ISAKMP: (1093):processing HASH payload. message ID = 3240761180 *Apr 7 08:45:12.791: ISAKMP: (1093):processing DELETE payload. message ID = 3240761180 *Apr 7 08:45:12.791: ISAKMP: (1093):peer does not do paranoid keepalives. *Apr 7 08:45:12.791: ISAKMP: (1093):deleting SA reason "No reason" state (R) QM_IDLE (peer 128.68.46.111) *Apr 7 08:45:12.791: ISAKMP: (1093):deleting node -1054206116 error FALSE reason "Informational (in) state 1" *Apr 7 08:45:12.795: IPSEC(key_engine): got a queue event with 1 KMI message(s) *Apr 7 08:45:12.795: KMI: IPSEC key engine received message KEY_MGR_DELETE_SAS from Crypto IKMP. *Apr 7 08:45:12.795: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 5502 *Apr 7 08:45:12.795: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP *Apr 7 08:45:12.795: IPSEC: still in use sa: 0x245BB174 *Apr 7 08:45:12.795: IPSEC(key_engine_delete_sas): delete SA with spi 0x688FE5B8 proto 50 for 128.68.46.111 *Apr 7 08:45:12.795: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 212.8.239.182, sa_proto= 50, sa_spi= 0xC0F8076A(3237480298), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2263 sa_lifetime(k/sec)= (250000/3600), (identity) local= 1.1.1.1:0, remote= 128.68.46.111:0, local_proxy= 1.1.1.1/255.255.255.255/17/1701, remote_proxy= 128.68.46.111/255.255.255.255/17/4500 *Apr 7 08:45:12.795: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 128.68.46.111, sa_proto= 50, sa_spi= 0x688FE5B8(1754260920), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2264 sa_lifetime(k/sec)= (250000/3600), (identity) local= 1.1.1.1:0, remote= 128.68.46.111:0, local_proxy= 1.1.1.1/255.255.255.255/17/1701, remote_proxy= 128.68.46.111/255.255.255.255/17/4500 *Apr 7 08:45:12.795: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS *Apr 7 08:45:12.795: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list *Apr 7 08:45:12.795: ISAKMP: (1093):set new node -622858762 to QM_IDLE *Apr 7 08:45:12.799: ISAKMP-PAK: (1093):sending packet to 128.68.46.111 my_port 4500 peer_port 4500 (R) QM_IDLE *Apr 7 08:45:12.799: ISAKMP: (1093):Sending an IKE IPv4 Packet. *Apr 7 08:45:12.799: ISAKMP: (1093):purging node -622858762 *Apr 7 08:45:12.799: ISAKMP: (1093):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Apr 7 08:45:12.799: ISAKMP: (1093):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Apr 7 08:45:12.799: ISAKMP: (1093):deleting SA reason "No reason" state (R) QM_IDLE (peer 128.68.46.111) *Apr 7 08:45:12.799: ISAKMP: (0):Unlocking peer struct 0x3E100348 for isadb_mark_sa_deleted(), count 0 *Apr 7 08:45:12.799: ISAKMP: (1093):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Apr 7 08:45:12.799: ISAKMP: (1093):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Apr 7 08:45:12.807: KMI: IPSEC key engine sending message KEY_ENG_NOTIFY_DECR_COUNT to Crypto IKMP. *Apr 7 08:45:12.807: IPSEC(ident_delete_notify_kmi): Failed to send KEY_ENG_DELETE_SAS *Apr 7 08:45:12.807: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB IPSEC get IKMP peer index from peer 0x22A61EDC ikmp handle 0x80000056 IPSEC IKMP peer index 0 [ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x34000107,peer index 0
*Apr 7 08:45:12.807: KMI: Crypto IKMP received message KEY_ENG_NOTIFY_DECR_COUNT from IPSEC key engine. *Apr 7 08:45:12.807: KMI: Crypto IKMP sending message KEY_MGR_SESSION_CLOSED to IPSEC key engine. *Apr 7 08:45:12.807: ISAKMP: (0):Deleting peer node by peer_reap for 128.68.46.111: 3E100348 *Apr 7 08:45:12.807: IPSEC(key_engine): got a queue event with 1 KMI message(s) *Apr 7 08:45:12.807: KMI: IPSEC key engine received message KEY_MGR_SESSION_CLOSED from Crypto IKMP.
|