IPSec tunnel with no transmission.

I have an IPSec tunnel (not working among others doing well) and I can't find out where the problem could be. The configuration is without errors (double-checked and nearly the same as for other tunnels). Here's the part of debug output:

crypto_isakmp_process_block:src:81.210.116.4, dest:195.187.143.65 spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1 spi 0, message ID = 2671659589
ISAMKP (0): received DPD_R_U_THERE from peer 81.210.116.4
ISAMKP (0): DPD_R_U_THERE: received seq_no 11020532 out of range, expected 4793190
return status is IKMP_NO_ERR_NO_TRANS

And it's repeating from time to time in bursts of 4, 5. Any ideas? :-)

PS. My access to the device on the other side (D-Link DFL-200, iirc) is very limited.

Reply to
Michał Iwaszko

I have an IPSec tunnel (not working among others doing well) and I can't find out where the problem could be. The configuration is without errors (double-checked and nearly the same as for other tunnels). Here's the part of debug output:

crypto_isakmp_process_block:src:their.ip.address, dest:my.ip.address spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1 spi 0, message ID = 2671659589
ISAMKP (0): received DPD_R_U_THERE from peer their.ip.address
ISAMKP (0): DPD_R_U_THERE: received seq_no 11020532 out of range, expected 4793190
return status is IKMP_NO_ERR_NO_TRANS

And it's repeating from time to time in bursts of 4, 5. Any ideas? :-)

PS. My access to the device on the other side (D-Link DFL-200, iirc) is very limited.

Reply to
Michał Iwaszko

Ahh, the post was very inconsequent without the info that it is PIX 506, 6.3(3) on my side and this is the part of the config:

access-list ipsec-p-w permit ip 10.0.0.0 255.255.255.0 192.168.9.0 255.255.255.0
crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
crypto map internet 900 ipsec-isakmp
crypto map internet 900 match address ipsec-p-w
crypto map internet 900 set pfs group2
crypto map internet 900 set peer their.address
crypto map internet 900 set transform-set 3des-md5
isakmp key ******** address their.address netmask 255.255.255.255

Everything else is ok, because I have other tunnels working and, as far as I know, the access lists on both sides match and we use the same transform sets and so on. The tunnel "goes up", but there's no transmission in it. The part of the debug is in the previous post.

Reply to
Michał Iwaszko

You need to post your entire config, as a lot of things are missing, in order for anyone to give you a qualified guess. Consider also why you have this: crypto map internet 900 set pfs group2

And what is the config like at the other end? Also try adding the cmd: isakmp nat-t

HTH Martin Bilgrav

Reply to
Martin Bilgrav
