Avaya Configuring Branch Office Tunnel between a Contivity and a BayRS Router Manual de usuario descargar pdf (Pagina 20)

Tech Tip

Contivity Secure IP Services Gateway

Configuring Branch Office Tunnel between a Contivity and a BayRS

router

# 3: 09/14/2004 08:59:59.485 INFO SLOT 1 IKE Code: 130

No Proposal Chosen: Source 10.1.1.2, Dest 10.1.1.1

Message ID 0xd962094b, SPI length: 4, SPI: 12600

The No Proposal Chosen message is a generic message that usually directly follows one of the

log messages noted above. Sometimes though, usually when the router

initiates a connection

and it fails, only this message will appear in the log. It generally indicates some type of

configuration mismatch, so you may have to just double-check everything. An alternative

troubleshooting tactic would be to do a test initiating the SA from the other end, which generally

results in more descriptive messages in the log.

# 1: 09/15/2004 15:53:47.662 WARNING SLOT 1 IPSEC Code: 10

No Cryptographic API (capi.exe) in this image. IPSec cannot proceed.

interface: 10.1.1.1, circuit: 2, code: 1

# 2: 09/15/2004 15:53:49.267 WARNING SLOT 1 IKE Code: 4

No Cryptographic API (capi.exe) in this image. IKE cannot proceed,

code: 15

In order to run IPSec a valid capi.exe must be installed in the image. Both these messages

indicates that the file is not installed. Refer to Appendix B for instructions on how to install the

capi.exe file.

# 5: 09/13/2004 11:56:22.437 WARNING SLOT 1 IPSEC Code: 17

All IPsec traffic on slot 1 will be dropped since validation of the NPK

hash has failed. Please synchronize config with NPK and enable/disable

IPSEC on affected interfaces

This message indicates that the NPK on the router does not match the NPK of the config. This

will occasionally happen when booting from a different configuration, changing your NPK, or

starting from scratch. In order to correct this problem, you need to get into the secure shell

through the console. Follow these steps:

1. Enter the Secure Shell with the ksession command

$ ksession

Please enter password:

Entering Secure Shell Session.

2. Use the ktranslate command followed by the NPK, save the config, and then exit the

Secure Shell

SSHELL> ktranslate 67812345678 0x12345

SSHELL> save config config

TT040916 1.00 September 2004 Page: 20 of 29

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 28 29

Sin comentarios

Avaya Configuring Branch Office Tunnel between a Contivity and a BayRS Router Manual de usuario Pagina 20