11-15-2007 02:33 PM - edited 03-11-2019 04:31 AM
Hi, I am trying to set up a Lan2Lan VPn between an ASA 5510 and a MS ISA Server 2004 machine. The configuration matches on both ends, but I get the following error in the ASA logs:
113019: Group = x.x.x.x, Username = x.x.x.x, IP = x.x.x.x, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:32s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Error
713902: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!
713902: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x3180ef8, mess id 0x469cca44)!
713068: Group = x.x.x.x, IP = x.x.x.x, Received non-routine Notify message: Invalid ID info (18)
713119: Group = x.x.x.x, IP = x.x.x.x, PHASE 1 COMPLETED
713903: Group = x.x.x.x, IP = x.x.x.x, Freeing previously allocated memory for authorization-dn-attributes
713041: IP = x.x.x.x, IKE Initiator: New Phase 1, Intf 2, IKE Peer x.x.x.x local Proxy Address 10.10.0.0, remote Proxy Address 192.168.0.0, Crypto map (outside_map)
Please help....
11-15-2007 02:44 PM
Hello,
We need a bit more of information. It seems like phase 2 is failing to complete. To get more information please turn on IPsec debugging via "debug crypto ipsec 128". The attempt to bring up the tunnel by generating interesting traffic and see what messages are generated in the debugging log.
11-15-2007 02:56 PM
Hi, Thanks for the reply... here is your log:
IPSEC: New embryonic SA created @ 0x035D1808,
SCB: 0x038E41C0,
Direction: inbound
SPI : 0x44691D15
Session ID: 0x0000000A
VPIF num : 0x00000001
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: New embryonic SA created @ 0x035D1808,
SCB: 0x02F44080,
Direction: inbound
SPI : 0xD98C22C8
Session ID: 0x0000000A
VPIF num : 0x00000001
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: New embryonic SA created @ 0x038EBBE0,
SCB: 0x038D73E0,
Direction: inbound
SPI : 0xF94561E9
Session ID: 0x0000000A
VPIF num : 0x00000001
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: New embryonic SA created @ 0x035D1808,
SCB: 0x02F44080,
Direction: inbound
SPI : 0x43F6A2BB
Session ID: 0x0000000A
VPIF num : 0x00000001
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
11-15-2007 03:24 PM
Sorry, my bad, "debug crypto isakmp 200" will give us the information we need. There's no useful information in the debugging information provided by "debug crypto ipsec" in this case.
11-19-2007 01:09 PM
Elparis, Thanks you very much for your help in this matter; however, the problem has been solved. It turns out that it was a problem with the ISA server I was trying to connect to. Thanks for your input
11-19-2007 01:21 PM
Great! Glad to hear everything is working now.
Cheers!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: