Site-to-Site VPN failing (between Services SPA Carrier-400 and ASA5510)

Unanswered Question
Jun 29th, 2009
User Badges:

Hi there,


I am establishing a Site-to-site VPN connection with one of our clients and this just the first time we are using integrated Services SPA of CISCO installed to our 7609 router.


The configuration and logs is attached in this one. I am basically confused and unsure where exactly we are failing in the VPN parameter negotiations. I am attaching the configuration as well as the logs taken from our router.





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
griever060684 Wed, 07/01/2009 - 21:34
User Badges:

Hi Collin,


We have checked and it seems we do have an exact match in the VPN parameters. One thing I have noticed though is that I am recieving a duplicate Phase 1 form their end. What are the possible reason for this one?


Jul 2 13:33:38.153: ISAKMP (0): received packet from ***.***.***.*** dport 500 sport 500 Global (R) MM_SA_SETUP

Jul 2 13:33:38.157: ISAKMP:(0): phase 1 packet is a duplicate of a previous packet.

Jul 2 13:33:38.157: ISAKMP:(0): retransmitting due to retransmit phase 1

Jul 2 13:33:38.157: ISAKMP:(0): retransmitting phase 1 MM_SA_SETUP...

griever060684 Thu, 07/09/2009 - 22:19
User Badges:

Hi We were finally able to get past the first error. However I am now seeing this error.. What could this mean?



Jul 10 14:09:25.999: ISAKMP:(68516):Send initial contact

Jul 10 14:09:25.999: ISAKMP:(68516):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

Jul 10 14:09:25.999: ISAKMP (68516): ID payload

next-payload : 8

type : 1

address : yyy.yyy.yyy.yyy

protocol : 17

port : 500

length : 12

Jul 10 14:09:25.999: ISAKMP:(68516):Total payload length: 12

Jul 10 14:09:25.999: crypto_engine: Generate IKE hash

Jul 10 14:09:25.999: crypto_engine: Encrypt IKE packet

Jul 10 14:09:25.999: ISAKMP:(68516): sending packet to ***.***.***.*** my_port 500 peer_port 500 (I) MM_KEY_EXCH

Jul 10 14:09:25.999: ISAKMP:(68516):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

Jul 10 14:09:25.999: ISAKMP:(68516):Old State = IKE_I_MM4 New State = IKE_I_MM5


Jul 10 14:09:26.127: ISAKMP (68516): received packet from ***.***.***.*** dport 500 sport 500 Global (I) MM_KEY_EXCH

Jul 10 14:09:26.127: crypto_engine: Decrypt IKE packet

Jul 10 14:09:26.127: ISAKMP:(68516): processing ID payload. message ID = 0

Jul 10 14:09:26.127: ISAKMP (68516): ID payload

next-payload : 8

type : 2

FQDN name : easytrip.default.domain.invalid

protocol : 0

port : 0

length : 39

Jul 10 14:09:26.127: ISAKMP:(68516):Expected EasyTripPROFILE profile doesn't match, aborting exchange

Jul 10 14:09:26.127: ISAKMP (68516): FSM action returned error: 2

Jul 10 14:09:26.127: ISAKMP:(68516):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

Jul 10 14:09:26.127: ISAKMP:(68516):Old State = IKE_I_MM5 New State = IKE_I_MM6

Actions

This Discussion