IP SEC DEBUG? Any Ideas?

DANMOH009

Im not sure this is really CCNA related its more security related. Can anyone pin point me in the right place to look.

I am creating an IPSEC tunnel between 2 sites (for ccna-s practice): And cant seem to get the IPSEC tunnels up. This the ipsec is a complete new topic for me.

I have the following debug. The IPs are not live so dont worry about them.

000136: May 22 12:56:26.878 UTC: ISAKMP (2001): received packet from 50.50.50.14 dport 500 sport 500 Global (R) QM_IDLE
000137: May 22 12:56:26.878 UTC: ISAKMP: set new node 1319459469 to QM_IDLE
000138: May 22 12:56:26.878 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): processing HASH payload. message ID = 1319459469
000139: May 22 12:56:26.878 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): processing SA payload. message ID = 1319459469
000140: May 22 12:56:26.878 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):Checking IPSec proposal 1
000141: May 22 12:56:26.878 UTC: ISAKMP: transform 1, ESP_3DES
000142: May 22 12:56:26.878 UTC: ISAKMP:   attributes in transform:
000143: May 22 12:56:26.878 UTC: ISAKMP:      SA life type in seconds
000144: May 22 12:56:26.878 UTC: ISAKMP:      SA life duration (VPI) of  0x0 0x1 0x51 0x80
000145: May 22 12:56:26.882 UTC: ISAKMP:      encaps is 1 (Tunnel)
000146: May 22 12:56:26.882 UTC: ISAKMP:      authenticator is HMAC-MD5
000147: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):atts are acceptable.
000148: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): IPSec policy invalidated proposal with error 1024
000149: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): phase 2 SA policy not acceptable! (local 60.60.60.198 remote 50.50.50.14)
000150: May 22 12:56:26.882 UTC: ISAKMP: set new node 395288763 to QM_IDLE
000151: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3 spi 2264223528, message ID = 395288763
000152: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): sending packet to 50.50.50.14 my_port 500 peer_port 500 (R) QM_IDLE
000153: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):Sending an IKE IPv4 Packet.
000154: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):purging node 395288763
000155: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):deleting node 1319459469 error TRUE reason "QM rejected"
000156: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):Node 1319459469, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
000157: May 22 12:56:26.882 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001):Old State = IKE_QM_READY  New State = IKE_QM_READY
000158: May 22 12:56:30.902 UTC: ISAKMP (2001): received packet from 50.50.50.14 dport 500 sport 500 Global (R) QM_IDLE
000159: May 22 12:56:30.902 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): phase 2 packet is a duplicate of a previous packet.
000160: May 22 12:56:30.902 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): retransmitting due to retransmit phase 2
000161: May 22 12:56:30.902 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): ignoring retransmission,because phase2 node marked dead 1319459469
000162: May 22 12:56:36.918 UTC: ISAKMP (2001): received packet from 50.50.50.14 dport 500 sport 500 Global (R) QM_IDLE
000163: May 22 12:56:36.918 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): phase 2 packet is a duplicate of a previous packet.
000164: May 22 12:56:36.918 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): retransmitting due to retransmit phase 2
000165: May 22 12:56:36.918 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): ignoring retransmission,because phase2 node marked dead 1319459469
000166: May 22 12:56:44.939 UTC: ISAKMP (2001): received packet from 50.50.50.14 dport 500 sport 500 Global (R) QM_IDLE
000167: May 22 12:56:44.939 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): phase 2 packet is a duplicate of a previous packet.
000168: May 22 12:56:44.939 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): retransmitting due to retransmit phase 2
000169: May 22 12:56:44.939 UTC: ISAKMP[IMG]https://us.v-cdn.net/6030959/uploads/images/smilies/icon_sad.gif[/IMG]2001): ignoring retransmission,because phase2 node marked dead 1319459469u all

powmia

Check your crypto ACLs.