Crypto System Error Messages for ISAKMP
Cisco IOS software can generate many useful system error
messages for IKE/IPSec. IOS sends these error messages to the console and,
optionally, to a syslog server. It is important to understand that not all
system error messages indicate a problem with the system: some are purely
informational, and others can help diagnose problems with communications lines,
internal hardware, or the system software.
%CRYPTO-6-IKMP_AUTH_FAIL: Authentication method failed with
host 10.0.50.2
How to Read System Error Messages
System error messages begin with a percent sign (%) and are
structured as follows:
%FACILITY-SEVERITY-MNEMONIC: Message-text
For a detailed description of the error messages, search on the
Cisco site for Cisco IOS System Error Messages.
Pay close attention to these messages during initial configuration
and troubleshooting because they can provide clues to what's going wrong.
Once the configuration is up and running, if these messages are being logged to
a server, they can help identify and solve problems that arise with data
handling. The following are sample IPSec system error messages:
%CRYPTO-6-IKMP_AUTH_FAIL: Authentication method [dec] failed
with host [IP_address]
Explanation: The IKE process was unable to
authenticate its SA with its remote peer.
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of [chars] mode
failed with peer at [IP_address]
Explanation: Negotiation with the remote peer
failed.
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from [IP_address] was not encrypted and it should’ve
been.
Explanation: A portion of the IKE exchange is
unencrypted and a portion is encrypted. This message should have been encrypted,
but wasn't. This occurs if the ACLs aren't mirror images of each other on
the peers. See Task 3, Step 3 for details.
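When these messages are logged to a syslog server, the %FACILITY-SEVERITY-MNEMONIC layout makes them easy to pick out and group by peer. The Python below is an added example, not code from the original page or from Cisco: it parses that layout and counts the three IKE messages listed above per peer address. The log lines, their timestamps, the authentication method value 1 and the address 192.0.2.7 are constructed for the example.

```python
import re
from collections import Counter

# %FACILITY-SEVERITY-MNEMONIC: Message-text, severity being one digit 0-7.
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Explanations paraphrased from the three messages listed above.
EXPLANATIONS = {
    "IKMP_AUTH_FAIL": "IKE could not authenticate its SA with the remote peer",
    "IKMP_MODE_FAILURE": "negotiation with the remote peer failed",
    "IKMP_NOT_ENCRYPTED": "IKE packet arrived unencrypted; compare the ACLs on both peers",
}

def parse(line):
    """Split one log line into its fields; return None if it holds no % message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    peer = IPV4_RE.search(rec["text"])
    rec["peer"] = peer.group(0) if peer else None
    return rec

def summarize(lines):
    """Count the IKE messages above per (peer, mnemonic), ignoring everything else."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["facility"] == "CRYPTO" and rec["mnemonic"] in EXPLANATIONS:
            counts[(rec["peer"], rec["mnemonic"])] += 1
    return counts

# Constructed sample log (timestamps, method value 1 and 192.0.2.7 are made up).
SAMPLE = [
    "*Mar  1 00:10:02: %CRYPTO-6-IKMP_AUTH_FAIL: Authentication method 1 failed with host 10.0.50.2",
    "*Mar  1 00:10:09: %CRYPTO-6-IKMP_AUTH_FAIL: Authentication method 1 failed with host 10.0.50.2",
    "*Mar  1 00:11:40: %LINK-3-UPDOWN: Interface Serial0, changed state to up",
    "*Mar  1 00:12:15: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 192.0.2.7",
    "*Mar  1 00:12:31: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 192.0.2.7 was not encrypted and it should've been.",
    "console output that carries no system message",
]

if __name__ == "__main__":
    for (peer, mnemonic), n in sorted(summarize(SAMPLE).items()):
        print(f"{peer:15} {mnemonic:20} x{n}  {EXPLANATIONS[mnemonic]}")
```

Repeated IKMP_AUTH_FAIL entries from one peer, as in the sample, show up as a single row with a count, which is easier to act on than the raw stream.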