Guest

Preview Tool

Cisco Bug: CSCup72039 - DMVPN/VTI/GRE: Phase 2 fails with PROPOSAL_NOT_CHOSEN when two phases 1

Last Modified

Nov 28, 2019

Products (102)

  • Cisco IOS
  • Cisco 861W Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco C892FSP Integrated Services Router
  • Cisco ASR 901-6CZ-FS-D Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.3(3)M3 15.4(2)S

Description (partial)

Symptom:
DMVPN: Phase 2 fails with PROPOSAL_NOT_CHOSEN when two phases 1

In "debug crypto ipsec" following message is seen:
*Jul  3 13:20:54.567: Cannot find crypto swsb for idb Ethernet0/0: in ipsec_process_proposal (), 1206
*Jul  3 13:20:54.567: IPSEC(ipsec_process_proposal): TP not configured or sadb not init for idb Ethernet0/0
*Jul  3 13:20:54.567: Cannot find crypto swsb : in ipsec_process_proposal (), 1590

Conditions:
- multipoint GRE used (DMVPN) Phase 2 or Phase 3
- It might be also seen for regular GRE over IPSEC or regular VTI

Related Community Discussions

DMVPN Spoke Issues after migrating dual hub from ISR2 3925 to ASR-1001X
Hello world,   After migrating our dual DMVPN hub solution from ISR2 3925 to ASR-1001X (running asr1001x-universalk9.03.12.03.S.154-2.S3-std.SPA.bin)   we started having some issues with spokes tunnels flapping (going up and down) and sometime never come up. Running 'show dmvpn' the spoke is stuck in NHRP state toward our hub. To resolve the issue we run 'shutdown' and then 'no shutdown' on the tunnel interface of the spoke the DMVPN goes up. Also running 'clear crypto session <remote hub nbma>' ...
Latest activity: Jun 30, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.