Cisco error messages

Chronictank · 27 Dec 2007 at 22:41

Could someone please explain to me what the following error code's mean, and when they occur as they seem to be compeltely random in the logs:

IKE/136 RPT=80 10.x.x.x Group [ServiceName] User [username] IKE session establishment timed out [AM_WAIT_DELETE], aborting!

Also am i right in assuming this is when a client times out?

IKE/123 IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

And finally this one:

IKE/131 Recieved unknown transaction mode attribute

Anyhelp would be much appreciated
Thanks in advance

Biffa · 28 Dec 2007 at 12:19

I'm not 100% on this one but it seems like those are VPN client connect errors, either pix to pix connections or cisco vpn client connections trying to connect to your pix. Of course it could be some random host scanning your pix for vulnerabilities.

Lots of info in the FAQ here

oddjob62 · 28 Dec 2007 at 13:03

Yeah as Biffa says, those are IKE messages (IKE is used to establish IPSEC VPNs) Have you got anything like this set up?

Rich · 28 Dec 2007 at 16:52

DPD is dead peer detection, used for determining when a client is no longer contactable.

Chronictank · 28 Dec 2007 at 17:50

Yeah its for a VPN concentrator but i cant find anything regarding the actual messages,
basically i am writing a script to parse logs and throw out various statistics and session information
But i cant find a source for what sepcific error codes actually mean so its pretty much been try and break something and see an effect in the logs
Those are the ones i am stuck on as they are in the logs but i am unable to re-create the senarios
Thanks for the help so far

Rich · 28 Dec 2007 at 17:54

Your best bet is Cisco TAC. Nobody really has an extensive list of the exact meaning of errors. Its just a case of how individuals interpret them unfortunately.

My take:

The first one is clearly a time-out or loss of connection to the peer while setting up IKE. This is the first phase of setting a VPN up.

Second as I have already covered is dead peer detection deciding that the peer is no longer contactable, and tearing down the session.

Third could be a number of things, but at a guess I would say that the IKE policies at each end do not match, or a third party device is attempting to negotiate an unsupported parameter.

Chronictank · 29 Dec 2007 at 19:47

thanks for all your help