PIX 515 7.2(2) failover and vpn failing

Unanswered Question
Jul 15th, 2009

We have a site to site VPN using a pair of PIX 515's in the primary site that works fine almost all the time. Once in a while the remote side cannot access anything in the primary site and it seems that doing a clear crypto and clearing the tunnel fixes the problem. in trying to discover the source of the problem, the only thing I see is the following log message:

ul 14 2009 13:41:59: %PIX-3-713235: Group = remote, IP = xxx.xxx.xxx.xxx, Attempt to send an IKE packet from standby unit. Dropping the packet!

It does not appear that this message is significant, but it's the only clue I have right now.

Has anyone experienced similar issues?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pccw258103 Wed, 07/15/2009 - 18:22

Error Message: %PIX|ASA-6-713235: Attempt to send an IKE packet from standby unit.

Dropping the packet!

Explanation: Normally, IKE packets should never be sent from the standby unit to the remote peer. This message is displayed if such an attempt is made due to an internal logic error. The packet never leaves the standby unit because of protective code. This message is mainly to facilitate debugging.

Recommended Action: No action is required by the user. Developers should look into the condition causing the IKE packet to be sent from the standby unit.

kevburgess Thu, 07/16/2009 - 04:02

That's what I meant by insignificant. I guess I need to keep looking unless someone else has any ideas.


This Discussion