Knowledge Search


×
 

What does Unknown Vendor ID mean in the 'debug ike detail' output?

  [KB16733] Show Article Properties


Summary:
My VPN comes up but does not pass traffic.  What does the Unknown Vendor ID message in the 'debug ike detail' output mean?
Symptoms:
The VPN comes up and does not pass traffic.  Performed a 'debug ike detail' and found this message in the output.  Is this the reason why it cannot pass traffic?

## 2010-02-24 16:18:24 : IKE<2.3.1.9 > Vendor ID:
## 2010-02-24 16:18:24 : 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
## 2010-02-24 16:18:24 : c0 00 00 00
## 2010-02-24 16:18:24 : IKE<2.3.1.9> receive unknown vendor ID

Solution:
The hexadecimal number listed in the line Vendor ID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 is the vendor identifier that is part of all phase 1 VPN negotiations.  In this case, the Vendor ID number represents a Cisco ASA router, and it is not in the database of this particular device and ScreenOS version.  Therefore, the firewall lists it as an unknown Vendor ID.  This does NOT cause the VPN negotiation to fail, the message is for informational purposes only.

If the VPN comes up, but does not pass traffic, instead begin troubleshooting from KB9276.
Related Links: