having issues with asa and ezvpn

Unanswered Question
Jan 16th, 2008

Im having issues getting ezvpn to work with my asa 5520. I can get L2L ipsec connections working and my vpn clients work but when I try an ezvpn connection the tunnel will come up for a second and then will disconnect. I am using a 3g wic for my connnection.

Im running ios 12.4(11)XV1.

Here are some logs from the asa:

713905 Group = fcb, IP = 99.203.249.159, No valid authentication type found for the tunnel group

113009 AAA retrieved default group policy (FBC-VPN) for user = fcb

713131 Group = fcb, IP = 99.203.249.159, Received unknown transaction mode attribute: 28692

713131 Group = fcb, IP = 99.203.249.159, Received unknown transaction mode attribute: 28693

713184 Group = fcb, IP = 99.203.249.159, Client Type: IOS Client Application Version: 12.4(11)XV1

713131 Group = fcb, IP = 99.203.249.159, Received unknown transaction mode attribute: 28695

713228 Group = fcb, IP = 99.203.249.159, Assigned private IP address 172.25.1.1 to remote user

713201 Group = fcb, IP = 99.203.249.159, Duplicate Phase 2 packet detected. Retransmitting last packet.

713201 Group = fcb, IP = 99.203.249.159, Duplicate Phase 2 packet detected. Retransmitting last packet.

713902 Group = fcb, IP = 99.203.249.159, Removing peer from peer table failed, no match!

713903 Group = fcb, IP = 99.203.249.159, Error: Unable to remove PeerTblEntry

713904 IP = 99.203.249.159, Received encrypted packet with no matching SA, dropping

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
joreilly36678@y... Tue, 01/22/2008 - 11:58

Do you see the message "Cannot obtain an IP address for remote peer" following the message you have mentioned. In that you need to create an address pool and assign addresses to this pool.

jefferyprice@te... Wed, 01/23/2008 - 13:11

713228 Group = fcb, IP = 99.203.249.159, Assigned private IP address 172.25.1.1 to remote user

the router is getting a client address.

Actions

This Discussion