I get these two messages when I setup an IPSEC tunnel between two ASA 5540s with 3 or 4 router hops in between. I can't get the tunnel to come up or ping across the network. I was able to ping all hops before this. I saved the working config before I started configuring ISAKMP/IPSEC. My configs are identical except for flipped IP addresses which is appropriate. Has anyone seen this or have an idea how to get the tunnel up?

106017

Error Message %PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to

IP_address

Explanation The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.

Recommended Action If this message persists, an attack may be in progress. The packet does not provide enough information to determine where the attack originates.

713902 IP = x.x.x.x, Removing peer from table failed, no match!

Error Message %PIX|ASA-3-713902 descriptive_event_string

Explanation This system log message could have several possible text strings describing an error. This may be the result of a configuration error either on the headend or remote access client.

Recommended Action It might be necessary to troubleshoot the configuration to determine the cause of the error. Check the ISAKMP and crypto map configuration on both peers.

713903