Received non-routine Notify message: Invalid ID info

Hello, i have configured Site-to-site VPN between two Locations. Head Office: Cisco VPN 3005 Branch Office: ISA Server 2004

In the IPSec configuration there are configured some local LANs on both sites, e.g. Head Office: 10.201.132.0/21 and 10.3.121.0/24 Branch Office: 10.201.137.0/25

Internal IP Interface of VPN 3005 is 10.3.121.10

Traffic between 10.201.132.0/21 and 10.201.137.0/25 is possible in both directions. Traffic from 10.201.137.0/25 to 10.3.121.0/24 is prossible, but Traffic from 10.3.121.0/24 to 10.201.137.0/25 is only possible, if traffic runs from 10.201.137.0/25 to 10.3.121.0/24. Means, the tunnel between these ranges is only establish from Branch Office (ISA Server 2004), not from Head Office (Cisco VPN 3005). In last case, if Cisco VPN 3005 should open the tunnel, on Cisco VPN

3005 I see the messages: "Received non-routine Notify message: Invalid ID info (18)" But i dont know, what this means.

Why does establishing is possible in one direction, but not in the other?

Can anybody help me?

Best regards, Frank Pusch

Reply to
f.pusch
Loading thread data ...

Hi Frank,

This looks like your lists don't match on both sides, they need to be the EXACT opposite of each other.

Brad Reese BradReese.Com Cisco Repair Service Experts

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA/Canada Toll Free: 877-549-2680 International: 828-277-7272 United Kingdom: 44-20-70784294

Reply to
www.BradReese.Com

Many many thanks. May be it was to late, or I need more coffee. There was a mistake in configuration on VPN3005: 10.3.121.10/0.0.0.255 instead of 10.3.121.0/0.0.0.255 Now it works correctly in both directions.

Best regards, Frank

Reply to
f.pusch

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.