IPSec L2L issue.



I have a hub-spoke VPN solution, using ASA with software 8.0(3).

I have installed the last spoke, an ASA5505 like all others, but the tunnel does not come up!

Using debug I can get this message:

Dec 17 01:56:04 [IKEv1]: IP = X.X.X.X, Duplicate Phase 1 packet detected. Retransmitting last packet.

All spokes are ASA5505 with the same configuration for isakmp and IPSec.

Any idea?



ajagadee Wed, 12/17/2008 - 07:16


Based on the debugs, it looks like the IKE packets are being blocked somewhere along the path between the Hub and Spoke. Make sure that the IKE and IPSEC Ports/Protocols are not blocked anywhere between the ASA5505 and headend side.



*Pls rate if it helps*

jpoplawski Fri, 12/19/2008 - 08:40

One document points to the key being invalid, another indicates the crypto ACLs aren't properly set up. Try re-entering the key on the spoke to verify it matches with the hub. Also double-check the crypto and nonat ACLs on both sides to verify they look proper.

Hope this helps, rate if it does,
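
One way to run the crypto/nonat ACL double-check suggested in the reply above, as an added example that is not part of the original thread. It assumes "proper" means the spoke's ACL entries are exact mirror images of the hub's; the configs, ACL names and subnets are constructed samples.

```python
import ipaddress
import re

# Constructed sample configs, not from the thread; ACL names and subnets are assumptions.
HUB = """\
access-list VPN_SPOKE9 extended permit ip 10.0.0.0 255.255.0.0 10.9.0.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.0.0 10.9.0.0 255.255.255.0
"""
SPOKE = """\
access-list VPN_HUB extended permit ip 10.9.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT extended permit ip 10.9.0.0 255.255.255.0 10.0.0.0 255.255.0.0
"""

# Only the "network mask network mask" form is handled; host/any/object-group are skipped.
ACE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)[ \t]*$", re.M)


def entries(config, acl):
    """Return the set of (source, destination) networks permitted by the named ACL."""
    out = set()
    for m in ACE.finditer(config):
        if m.group(1) != acl:
            continue
        try:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
        except ValueError:
            continue  # not an address/mask pair (e.g. "host" keyword)
        out.add((src, dst))
    return out


def mirror_mismatches(local_cfg, local_acl, peer_cfg, peer_acl):
    """Entries on either side that have no exact mirror image on the other side."""
    local = entries(local_cfg, local_acl)
    peer_mirrored = {(dst, src) for src, dst in entries(peer_cfg, peer_acl)}
    return sorted(local ^ peer_mirrored, key=str)


if __name__ == "__main__":
    for name, hub_acl, spoke_acl in [("crypto", "VPN_SPOKE9", "VPN_HUB"),
                                     ("nonat", "NONAT", "NONAT")]:
        bad = mirror_mismatches(HUB, hub_acl, SPOKE, spoke_acl)
        print(name, "OK" if not bad else f"MISMATCH: {bad}")
```

In the sample, the spoke's crypto ACL uses a /24 mask for the hub network where the hub uses /16, so the crypto pair is reported as a mismatch while the nonat pair passes.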


