![]() If the pre-shared keys do not match it will stay at this MSG. MM_WAIT_MSG6: This step is where the devices exchange pre-shared keys. I have also seen the tunnel stop here when NAT Traversal was on when it needed to be turned off. MM_WAIT_MSG5: This step is where the devices exchange pre-shared keys. Hang up’s here may also be due to mismatch device vendors, a router with a firewall in the way, or even ASA version mismatches. I have seen the tunnel fail at this step due to the remote side having the wrong Peer IP address. If one side sends a key and does not receive a key back, this is where the tunnel will fail. They are not compared or checked, only sent. MM_WAIT_MSG4: In this step the pre-share key hashes are exchanged. Hang up’s here may be due to mismatch device vendors, a router with a firewall in the way, or even ASA version mismatches. Awaiting exchange of keyring information. MM_WAIT_MSG3: Both peers have agreed on the ISAKMP policies. This could be due to no route to the far end, the far end does not have ISAKMP enabled on the outside, the far end is down or DES isn't accepted as the encryption algorithm of the ISAKMP policy. If stuck here it usually means the other end is not responding. Awaiting initial contact reply from other side. ![]() MM_WAIT_MSG2: Initial DH public key sent to responder. Also I got this from a Cisco TAC engineer a long time ago.ĪDAPTIVE SECURITY APPLIANCE ISAKMP STATES: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |