amode
newbie
Topic Author
Posts: 31
Joined: Fri Feb 23, 2007 1:28 pm

How to debug ipsec/ike issues (increasing logging verbosity)

Thu Mar 26, 2009 11:16 am

Hey,

I'm trying to connect to a Cisco peer via ipsec/tunnel mode/public ips (not nat) on ros3.22, but I only get these messages in the log:

02:08:38 ipsec IPsec-SA request for xxx.xxx.xxx.xx queued due to no phase1 found.
02:08:38 ipsec initiate new phase 1 negotiation: yy.yy.yyy.yy[500]<=>xxx.xxx.xxx.xx[500]
02:08:38 ipsec begin Identity Protection mode.
02:08:38 ipsec delete phase1 handle.
02:09:09 ipsec phase2 negotiation failed due to time up waiting for phase1. ESP xxx.xxx.xxx.xx[500]->yy.yy.yyy.yy[500]

Not knowing what is wrong I'm looking for a more *verbose* output, but even adding a global 'debug' topic (or ipsec,debug) to the logging does not show more info.

Any help on how to debug this or get more verbose information?

Thanks for any feedback.
Amode
 
nest
Forum Veteran
Posts: 823
Joined: Tue Feb 27, 2007 1:52 am
Location: UK

Re: How to debug ipsec/ike issues (increasing logging verbosity)

Sat Apr 04, 2009 4:04 pm

It looks to me like you are not getting any more data on what is going on because the MikroTik is not getting the data in the first place? I.e., how can it display information that is not there? You could try using MikroTik's Packet Sniffer to find out more?
 
amode
newbie
Topic Author
Posts: 31
Joined: Fri Feb 23, 2007 1:28 pm

Re: How to debug ipsec/ike issues (increasing logging verbosity)

Sun Apr 05, 2009 11:30 am

Yes, good catch :)

It turned out that the config on the remote end was not enabled at this point in time. Anyways, the log messages on the MT side were not quite helpful here. I was expecting something like "timeout because no... blah blah".

Anyways, thanks for the reply.

Amode.
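
The log pattern from the first post, which in this thread turned out to be a remote end that was not enabled, can be picked out mechanically. The following is an added example, not code from any poster or from MikroTik; the function name `triage`, the `local<=>remote` address order, and the rule that "only the messages seen in that post" means no reply was logged are assumptions.

```python
import re

# Constructed sample: the five lines quoted in the first post (addresses masked there).
SAMPLE_LOG = """\
02:08:38 ipsec IPsec-SA request for xxx.xxx.xxx.xx queued due to no phase1 found.
02:08:38 ipsec initiate new phase 1 negotiation: yy.yy.yyy.yy[500]<=>xxx.xxx.xxx.xx[500]
02:08:38 ipsec begin Identity Protection mode.
02:08:38 ipsec delete phase1 handle.
02:09:09 ipsec phase2 negotiation failed due to time up waiting for phase1. ESP xxx.xxx.xxx.xx[500]->yy.yy.yyy.yy[500]
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) ipsec (.*)$")
INITIATE = re.compile(r"initiate new phase 1 negotiation: (\S+)\[\d+\]<=>(\S+)\[\d+\]")
# Local-side messages the page shows between "initiate" and the timeout.
LOCAL_ONLY = {"begin Identity Protection mode.", "delete phase1 handle."}
TIMEOUT = "phase2 negotiation failed due to time up waiting for phase1"


def triage(log_text):
    """Find phase 1 attempts that timed out with only local-side messages logged."""
    findings = []
    pending = None  # the negotiation being tracked, if any
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        h, mi, s, msg = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)
        init = INITIATE.search(msg)
        if init:
            # Assumption: addresses are printed as local<=>remote.
            pending = {"peer": init.group(2), "start": now, "other": 0}
        elif pending is None:
            continue
        elif msg.startswith(TIMEOUT):
            if pending["other"] == 0:
                findings.append({"peer": pending["peer"],
                                 "waited_s": now - pending["start"],
                                 "hint": "no reply logged; sniff UDP 500 to the peer"})
            pending = None
        elif msg not in LOCAL_ONLY:
            pending["other"] += 1  # anything else suggests the exchange progressed
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
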
 
Ccmikrotik
just joined
Posts: 2
Joined: Wed Dec 17, 2014 5:48 pm

Re: How to debug ipsec/ike issues (increasing logging verbos

Wed Dec 17, 2014 7:07 pm

I did not mean that to happen, it sort of answered itself.
Here is what I got:
Log from MK:
ipsec, error failed to pre-process ph2 packet.
phase1 negotiation failed due to time up
failed to pre-process ph2 packet.

Thanks
