Hi, Can anyone tell me what does this means? I setup two VPN from Adtran to Zytel router. This is error I'm getting. Everything is working fine except these errors.
2013.01.18 22:26:29 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list
2013.01.18 22:26:31 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list
2013.01.18 22:26:34 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list
2013.01.18 22:26:39 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list
2013.01.18 22:26:47 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list
2013.01.18 22:27:00 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list
Sometimes if there is no audio traversing a VPN, it is because the RTP/media stream uses IP addresses that are not in the VPN selectors. Can you confirm that the RTP/media stream for the audio is using the same ACL as the rest of the VPN traffic?
Levi
Thank you for asking this question in the support community. When you get a chance, will you reply with the current configuration (please, remember to remove any sensitive information)? Also, if you could include the output from the debug crypto ike command, that would be helpful as well.
Please, do not hesitate to reply with any questions or additional information. I will be happy to help in any way I can.
Levi
Thanks Levi - FYI - The VPN is up and running. I can't get any audio though, wonder if this is affecting it. Attached is config file as well. Thanks much!
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION HASH PAYLOAD
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION NOTIFY PAYLOAD
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION DOI: 1
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION Protocol Id: 1
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION Size of SPI: 16
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION Type of notify message: 36136
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION Notify Type: R_U_THERE_REQUEST (3 6136)
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION Length of Notification Data: 4
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION Notification Data In HEX Follows:
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION 05 B9 32 AE ..2.
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U THERE (36136)
2013.01.21 20:59:23 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list ur
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION peer 24.227.236.238: Received informa tional exchange message
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION HASH PAYLOAD
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION NOTIFY PAYLOAD
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION DOI: 1
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION Protocol Id: 1
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION Size of SPI: 16
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION Type of notify message: 36136
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION Notify Type: R_U_THERE_REQUEST (3 6136)
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION Length of Notification Data: 4
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION Notification Data In HEX Follows:
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION 05 B9 32 AF ..2.
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U THERE (36136)
2013.01.21 20:59:24 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not fou
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION peer 24.227.236.238: Received informa tional exchange message
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION <POLICY: 100> PAYLOADS: HASH,NOTIFY
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION HASH PAYLOAD
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION NOTIFY PAYLOAD
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION DOI: 1
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION Protocol Id: 1
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION Size of SPI: 16
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION Type of notify message: 36136
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION Notify Type: R_U_THERE_REQUEST (3 6136)
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION Length of Notification Data: 4
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION Notification Data In HEX Follows:
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION 05 B9 32 B0 ..2.
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U THERE (36136)
2013.01.21 20:59:26 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node not found in P1 or P2 list u all
Tarantino_Austin#
2013.01.21 20:59:29 CRYPTO_IKE.NEGOTIATION DPDNodeNotifyMsgVpnMutexPath :: Node
hostname "TEST"
enable password ************
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
domain-proxy
name-server 4.2.2.2
!
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
no service password-encryption
!
username "admin" password "**********"
!
banner motd #
****** Important Banner Message ******
****** Important Banner Message ******
#
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
no ip firewall alg sip
!
no dot11ap access-point-control
ip dhcp excluded-address 192.168.2.0 192.168.2.35
ip dhcp excluded-address 192.168.2.255
ip dhcp excluded-address 192.168.2.100 192.168.2.120
ip dhcp excluded-address 192.168.2.239
ip dhcp excluded-address 192.168.2.36 192.168.2.40
!
ip dhcp pool "Private"
network 192.168.2.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
default-router 192.168.2.1
!!
ip crypto
!
crypto ike policy 100
initiate main
respond anymode
local-id address 22.22.22.22
peer 33.33.33.33
attribute 3
hash md5
authentication pre-share
lifetime 86400
!
crypto ike policy 101
initiate main
respond anymode
local-id address 22.22.22.22
peer 44.44.44.44
attribute 3
hash md5
authentication pre-share
lifetime 86400
!
crypto ike remote-id address 33.33.33.33 preshared-key ********* ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
crypto ike remote-id address 44.44.44.44 preshared-key ******** ike-policy 101 crypto map VPN 20 no-mode-config no-xauth
!
crypto ipsec transform-set esp-des-esp-sha-hmac esp-des esp-sha-hmac
mode tunnel
!
crypto map VPN 10 ipsec-ike
description San Antonio
match address VPN-10-vpn-selectors
set peer 33.33.33.33
set transform-set esp-des-esp-sha-hmac
set security-association lifetime seconds 86400
ike-policy 100
crypto map VPN 20 ipsec-ike
description Houston
match address VPN-20-vpn-selectors
set peer 44.44.44.44
set transform-set esp-des-esp-sha-hmac
set security-association lifetime seconds 86400
ike-policy 101
!
qos map "VOIP DSCP" 10
match ip list VOIPTAGDSCP
set dscp 46
!
qos map VOIPOUT 10
match dscp 46 26
priority unlimited
vlan 1
name "Default"
no ethernet cfm
!
interface eth 0/1
ip address 24.xx.xx.xx 255.255.255.252
ip mtu 1500
ip access-policy Public
crypto map VPN
no rtp quality-monitoring
media-gateway ip primary
traffic-shape rate 1200000
qos-policy out VOIPOUT
no shutdown
!
!
interface eth 0/2
no ip address
shutdown
interface switchport 0/1
no shutdown
!
interface switchport 0/2
no shutdown
!
interface switchport 0/3
no shutdown
!
interface switchport 0/4
no shutdown
!
interface switchport 0/5
no shutdown
!
interface switchport 0/6
no shutdown
!
interface switchport 0/7
no shutdown
!
interface switchport 0/8
no shutdown
!
interface vlan 1
ip address 192.168.2.1 255.255.255.0
ip access-policy Private
media-gateway ip primary
qos-policy in "VOIP DSCP"
no shutdown
!
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
ip access-list extended self
remark Traffic to NetVanta
permit ip any any log
!
ip access-list extended VOIPTAGDSCP
permit udp any range 1024 1088 any
permit udp any eq 5060 any
!
ip access-list extended VPN-10-vpn-selectors
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
!
ip access-list extended VPN-20-vpn-selectors
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip access-list extended web-acl-4
remark NECDSX
permit tcp any any eq 8000 log
!
ip access-list extended web-acl-8
remark voip sa austin
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
!
ip access-list extended wizard-remote-access
remark do not hand edit this ACL
permit tcp any any eq www log
permit tcp any any eq ssh log
permit tcp any any eq https log
!
ip policy-class Private
allow list VPN-20-vpn-selectors stateless
allow list VPN-10-vpn-selectors stateless
allow list self self
allow list web-acl-8 policy Private stateless
nat source list wizard-ics interface eth 0/1 overload
!
ip policy-class Public
allow reverse list VPN-20-vpn-selectors stateless
allow reverse list VPN-10-vpn-selectors stateless
allow list wizard-remote-access self
nat destination list web-acl-4 address 192.168.2.239
!
ip route 0.0.0.0 0.0.0.0 24.153.xx.xx
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
ip sip
ip sip udp 5060
ip sip udp 5080
ip sip udp 5092
ip sip tcp 5060
!
I found the problem. I had the wrong RTP port on the phone itself. Very weird this phone use different port to receive and send.