Archive

Posts Tagged ‘isakmp’

Troubleshooting ISAKMP Phase 1 Messages – Part 1

January 22nd, 2015 No comments

This is a must-keep aide-memoir for troubleshooting VPN connections.

IKE (PHASE 1) Messages: Read more…

Categories: CISCO, Security Tags: , ,

Troubleshooting ISAKMP Phase 1 Messages – Part 2

January 24th, 2014 No comments

This post explains the IKE Debug message: “Duplicate first packet detected”

This event is logged when packets do not reach their destination, usually due to network routing problems. The Phase 1 IKE exchange between the tunnel peers fail at MM_WAIT_MSG2

( see: Troubleshooting ISAKMP Phase 1 Messages – Part 1 to understand the IKE Messages further)

1) IKE initator sends MM_SND_MSG1 and goes into MM_WAIT_MSG2 state
2) IKE responder receives MM_SND_MSG1 and sends MM_SND_MSG2 back to the initiator and goes into a MM_WAIT_MSG3 state, expecting MM_SND_MSG3 as the next exchage from the initiator
3) IKE initiator having not received MM_SND_MSG2 from the responder, resends MM_SND_MSG1, resulting in the “Duplicate first packet detected” being logged on the responder. Read more…

Categories: CISCO, Security Tags: , ,