I can't figure out why it doesn't work. Here's a snippet from the Cisco's error log (this repeats over and over):
Code: Select all
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: Using IPsec SA configuration: 192.168.10.1-192.168.10.254<->192.168.1.1-192.168.1.254
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: Initiating new phase 1 negotiation: [IP Cisco Site 2][500]<=>[IP Mikrotik Site 1][500]
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: Beginning Identity Protection mode.
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Wed Sep 19 18:18:43 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Wed Sep 19 18:19:15 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP [IP Mikrotik Site 1]->[IP Cisco Site 2]
Wed Sep 19 18:19:54 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:19:54 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:19:54 2018 (GMT +0800): [cisco] [IKE] INFO: Using IPsec SA configuration: 192.168.10.1-192.168.10.254<->192.168.1.1-192.168.1.254
Wed Sep 19 18:19:54 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:19:54 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:20:26 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP [IP Mikrotik Site 1]->[IP Cisco Site 2]
Wed Sep 19 18:20:33 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 1 negotiation failed due to time up for [IP Mikrotik Site 1][500]. d4469258c094be67:0000000000000000
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: Using IPsec SA configuration: 192.168.10.1-192.168.10.254<->192.168.1.1-192.168.1.254
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: Initiating new phase 1 negotiation: [IP Cisco Site 2][500]<=>[IP Mikrotik Site 1][500]
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: Beginning Identity Protection mode.
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Wed Sep 19 18:20:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Wed Sep 19 18:21:15 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP [IP Mikrotik Site 1]->[IP Cisco Site 2]
Wed Sep 19 18:21:55 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:21:55 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:21:55 2018 (GMT +0800): [cisco] [IKE] INFO: Using IPsec SA configuration: 192.168.10.1-192.168.10.254<->192.168.1.1-192.168.1.254
Wed Sep 19 18:21:55 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:21:55 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:22:26 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP [IP Mikrotik Site 1]->[IP Cisco Site 2]
Wed Sep 19 18:22:34 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 1 negotiation failed due to time up for [IP Mikrotik Site 1][500]. fb36a60252dae512:0000000000000000
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: FOUND
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: Using IPsec SA configuration: 192.168.10.1-192.168.10.254<->192.168.1.1-192.168.1.254
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1].
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: Initiating new phase 1 negotiation: [IP Cisco Site 2][500]<=>[IP Mikrotik Site 1][500]
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: Beginning Identity Protection mode.
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Wed Sep 19 18:22:44 2018 (GMT +0800): [cisco] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Wed Sep 19 18:23:15 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP [IP Mikrotik Site 1]->[IP Cisco Site 2]
Wed Sep 19 18:24:34 2018 (GMT +0800): [cisco] [IKE] ERROR: Phase 1 negotiation failed due to time up for [IP Mikrotik Site 1][500]. 614295a23efccdac:0000000000000000
Wed Sep 19 19:32:47 2018 (GMT +0800): [cisco] [IKE] INFO: Configuration found for [IP Mikrotik Site 1][500].
Wed Sep 19 19:32:47 2018 (GMT +0800): [cisco] [IKE] INFO: Received request for new phase 1 negotiation: [IP Cisco Site 2][500]<=>[IP Mikrotik Site 1][500]
Wed Sep 19 19:32:47 2018 (GMT +0800): [cisco] [IKE] INFO: Beginning Identity Protection mode.
Wed Sep 19 19:32:47 2018 (GMT +0800): [cisco] [IKE] INFO: Received Vendor ID: RFC XXXX
Wed Sep 19 19:32:47 2018 (GMT +0800): [cisco] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02ipsec error
Code: Select all
phase1 negotiation failed due to time up [site 1 Mikrotik IP][500]<=>[site 2 Cisco IP][500] 128080728e3f8eac:0000000000000000Site 1 has the Mikrotik and the LAN is 192.168.1.x
Any ideas how to fix this?
