Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
‎11-19-2013 10:38 AM

Crypto Ike Negotion - What does this means

Jump to solution

Hi,  Can anyone tell me what does this means?  I setup two VPN from Adtran to Zytel router.  This is error I'm getting.  Everything is working fine except these errors.

2013.01.18 22:26:29 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

2013.01.18 22:26:31 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

2013.01.18 22:26:34 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

2013.01.18 22:26:39 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

2013.01.18 22:26:47 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

2013.01.18 22:27:00 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list

Tags (4)
0 Kudos
Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎11-22-2013 11:35 AM

Re: Crypto Ike Negotion - What does this means

Jump to solution

:

Sometimes if there is no audio traversing a VPN, it is because the RTP/media stream uses IP addresses that are not in the VPN selectors.  Can you confirm that the RTP/media stream for the audio is using the same ACL as the rest of the VPN traffic?

Levi

View solution in original post

0 Kudos
Reply
5 Replies
Anonymous
Not applicable
‎11-21-2013 04:12 PM

Re: Crypto Ike Negotion - What does this means

Jump to solution

:

Thank you for asking this question in the support community.  When you get a chance, will you reply with the current configuration (please, remember to remove any sensitive information)?  Also, if you could include the output from the debug crypto ike command, that would be helpful as well.

Please, do not hesitate to reply with any questions or additional information.  I will be happy to help in any way I can.

Levi

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎11-22-2013 09:08 AM

Re: Crypto Ike Negotion - What does this means

Jump to solution

Thanks Levi - FYI - The VPN is up and running.  I can't get any audio though, wonder if this is affecting it.  Attached is config file as well.  Thanks much!

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION   NOTIFY PAYLOAD

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     DOI: 1

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Size of SPI: 16

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Type of notify message: 36136

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Notify Type: R_U_THERE_REQUEST (3                                                                                                                                                             6136)

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Length of Notification Data: 4

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION     Notification Data In HEX Follows:                                                                                                                                                            

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION       05 B9 32 AE              ..2.                                                                                                                                                              

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U                                                                                                                                                              THERE (36136)

2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node                                                                                                                                                              not found in P1 or P2 list  ur

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION peer 24.227.236.238: Received informa                                                                                                                                                             tional exchange message

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION   NOTIFY PAYLOAD

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     DOI: 1

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Size of SPI: 16

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Type of notify message: 36136

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Notify Type: R_U_THERE_REQUEST (3                                                                                                                                                             6136)

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Length of Notification Data: 4

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION     Notification Data In HEX Follows:                                                                                                                                                            

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION       05 B9 32 AF              ..2.                                                                                                                                                              

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U                                                                                                                                                              THERE (36136)

2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node                                                                                                                                                              not fou

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION peer 24.227.236.238: Received informa                                                                                                                                                             tional exchange message

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION   HASH PAYLOAD

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION   NOTIFY PAYLOAD

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     DOI: 1

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Protocol Id: 1

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Size of SPI: 16

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Type of notify message: 36136

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Notify Type: R_U_THERE_REQUEST (3                                                                                                                                                             6136)

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Length of Notification Data: 4

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION     Notification Data In HEX Follows:                                                                                                                                                            

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION       05 B9 32 B0              ..2.                                                                                                                                                              

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U                                                                                                                                                              THERE (36136)

2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node                                                                                                                                                              not found in P1 or P2 list  u all

Tarantino_Austin#

2013.01.21 20:59:29 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node  

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎11-22-2013 09:11 AM

Re: Crypto Ike Negotion - What does this means

Jump to solution


hostname "TEST"
enable password ************
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
domain-proxy
name-server 4.2.2.2
!
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
no service password-encryption
!
username "admin" password "**********"
!
banner motd #

                ****** Important Banner Message ******

                ****** Important Banner Message ******

#

ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
no ip firewall alg sip
!

no dot11ap access-point-control

ip dhcp excluded-address 192.168.2.0 192.168.2.35
ip dhcp excluded-address 192.168.2.255
ip dhcp excluded-address 192.168.2.100 192.168.2.120
ip dhcp excluded-address 192.168.2.239
ip dhcp excluded-address 192.168.2.36 192.168.2.40
!
ip dhcp pool "Private"
  network 192.168.2.0 255.255.255.0
  dns-server 209.18.47.61 209.18.47.62
  default-router 192.168.2.1
!!
ip crypto
!
crypto ike policy 100
  initiate main
  respond anymode
  local-id address 22.22.22.22
  peer 33.33.33.33
  attribute 3
    hash md5
    authentication pre-share
    lifetime 86400
!
crypto ike policy 101
  initiate main
  respond anymode
  local-id address 22.22.22.22
  peer 44.44.44.44
  attribute 3
    hash md5
    authentication pre-share
    lifetime 86400
!
crypto ike remote-id address 33.33.33.33 preshared-key ********* ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
crypto ike remote-id address 44.44.44.44 preshared-key ******** ike-policy 101 crypto map VPN 20 no-mode-config no-xauth
!
crypto ipsec transform-set esp-des-esp-sha-hmac esp-des esp-sha-hmac
  mode tunnel
!
crypto map VPN 10 ipsec-ike
  description San Antonio
  match address VPN-10-vpn-selectors
  set peer 33.33.33.33
  set transform-set esp-des-esp-sha-hmac
  set security-association lifetime seconds 86400
  ike-policy 100
crypto map VPN 20 ipsec-ike
  description Houston
  match address VPN-20-vpn-selectors
  set peer 44.44.44.44
  set transform-set esp-des-esp-sha-hmac
  set security-association lifetime seconds 86400
  ike-policy 101
!
qos map "VOIP DSCP" 10
  match ip list VOIPTAGDSCP
  set dscp 46
!
qos map VOIPOUT 10
  match dscp 46 26
  priority unlimited

vlan 1
  name "Default"

no ethernet cfm
!
interface eth 0/1
  ip address  24.xx.xx.xx  255.255.255.252
  ip mtu 1500
  ip access-policy Public
  crypto map VPN
  no rtp quality-monitoring
  media-gateway ip primary
  traffic-shape rate 1200000
  qos-policy out VOIPOUT
  no shutdown
!
!
interface eth 0/2
  no ip address
  shutdown

interface switchport 0/1
  no shutdown
!
interface switchport 0/2
  no shutdown
!
interface switchport 0/3
  no shutdown
!
interface switchport 0/4
  no shutdown
!
interface switchport 0/5
  no shutdown
!
interface switchport 0/6
  no shutdown
!
interface switchport 0/7
  no shutdown
!
interface switchport 0/8
  no shutdown
!

interface vlan 1
  ip address  192.168.2.1  255.255.255.0
  ip access-policy Private
  media-gateway ip primary
  qos-policy in "VOIP DSCP"
  no shutdown
!

!
ip access-list standard wizard-ics
  remark Internet Connection Sharing
  permit any

ip access-list extended self
  remark Traffic to NetVanta
  permit ip any  any     log
!
ip access-list extended VOIPTAGDSCP
  permit udp any range 1024 1088 any   
  permit udp any eq 5060 any   
!
ip access-list extended VPN-10-vpn-selectors
  permit ip 192.168.2.0 0.0.0.255  192.168.3.0 0.0.0.255   
!
ip access-list extended VPN-20-vpn-selectors
  permit ip 192.168.2.0 0.0.0.255  192.168.1.0 0.0.0.255   
!
ip access-list extended web-acl-4
  remark NECDSX
  permit tcp any  any eq 8000   log
!
ip access-list extended web-acl-8
  remark voip sa austin
  permit ip 192.168.2.0 0.0.0.255  192.168.3.0 0.0.0.255   
!
ip access-list extended wizard-remote-access
  remark do not hand edit this ACL
  permit tcp any  any eq www   log
  permit tcp any  any eq ssh   log
  permit tcp any  any eq https   log
!

ip policy-class Private
  allow list VPN-20-vpn-selectors stateless
  allow list VPN-10-vpn-selectors stateless
  allow list self self
  allow list web-acl-8 policy Private stateless
  nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
  allow reverse list VPN-20-vpn-selectors stateless
  allow reverse list VPN-10-vpn-selectors stateless
  allow list wizard-remote-access self
  nat destination list web-acl-4 address 192.168.2.239
!

ip route 0.0.0.0 0.0.0.0 24.153.xx.xx
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!

ip sip
ip sip udp 5060
ip sip udp 5080
ip sip udp 5092
ip sip tcp 5060
!

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎11-22-2013 11:35 AM

Re: Crypto Ike Negotion - What does this means

Jump to solution

:

Sometimes if there is no audio traversing a VPN, it is because the RTP/media stream uses IP addresses that are not in the VPN selectors.  Can you confirm that the RTP/media stream for the audio is using the same ACL as the rest of the VPN traffic?

Levi

0 Kudos
Reply
Anonymous
Not applicable
‎12-19-2013 11:34 AM

Re: Crypto Ike Negotion - What does this means

Jump to solution

I found the problem.  I had the wrong RTP port on the phone itself.  Very weird this phone use different port to receive and send. 

0 Kudos
Accept as Solution Reply