Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
1
Replies

ASA 5520 - VPN disconnects and ASA shows the error msg "%ASA-4-402123"

mahzoddc06
Level 1
Level 1

‎06-10-2007 07:18 AM - edited ‎03-11-2019 03:27 AM

Hello All,

When a remote user connects via the VPN client, they experience a disconnection a few seconds after they have authenticated successfully.

I checked the ASA logs and notice the following msg:

%ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Invalid IP Version, code= 0x17) while executing the command Write IPSec Outbound SA (0x4014).

I checked the what this error msg means and its recommended action was to contact the TAC. The ASA 5520 is brand new out of the box

Could the community help me troubleshoot this issue.

The sh ver is as follows:

######## sh ver

Cisco Adaptive Security Appliance Software Version 7.1(2)

Device Manager Version 5.1(2)

Compiled on Tue 14-Mar-06 17:00 by dalecki

System image file is "disk0:/asa712-k8.bin"

Config file at boot was "startup-config"

###### up 5 days 17 hours

Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: GigabitEthernet0/0 : address is 001a.6dea.4946, irq 9

1: Ext: GigabitEthernet0/1 : address is 001a.6dea.4947, irq 9

2: Ext: GigabitEthernet0/2 : address is 001a.6dea.4948, irq 9

3: Ext: GigabitEthernet0/3 : address is 001a.6dea.4949, irq 9

4: Ext: Management0/0 : address is 001a.6dea.4945, irq 11

5: Int: Not licensed : irq 11

6: Int: Not licensed : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 750

WebVPN Peers : 2

This platform has an ASA 5520 VPN Plus license.

Serial Number: ########

Running Activation Key: #####

Configuration register is 0x1

Configuration last modified by enable_15 at 08:01:59.725 UTC Sun Jun 10 2007

Labels:
0 Helpful
1 Reply 1

b.speltz
Level 4
Level 4

‎06-14-2007 08:09 AM

It may due to remote peer sends wrong ESP packet. need to check crypto configuration.

Also check this Bug -id's: CSCsc64621.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card