PIX 515 7.2(2) failover and vpn failing

Unanswered Question
Jul 15th, 2009
User Badges:

We have a site to site VPN using a pair of PIX 515's in the primary site that works fine almost all the time. Once in a while the remote side cannot access anything in the primary site and it seems that doing a clear crypto and clearing the tunnel fixes the problem. in trying to discover the source of the problem, the only thing I see is the following log message:

ul 14 2009 13:41:59: %PIX-3-713235: Group = remote, IP = xxx.xxx.xxx.xxx, Attempt to send an IKE packet from standby unit. Dropping the packet!

It does not appear that this message is significant, but it's the only clue I have right now.

Has anyone experienced similar issues?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pccw258103 Wed, 07/15/2009 - 18:22
User Badges:

Error Message: %PIX|ASA-6-713235: Attempt to send an IKE packet from standby unit.

Dropping the packet!

Explanation: Normally, IKE packets should never be sent from the standby unit to the remote peer. This message is displayed if such an attempt is made due to an internal logic error. The packet never leaves the standby unit because of protective code. This message is mainly to facilitate debugging.

Recommended Action: No action is required by the user. Developers should look into the condition causing the IKE packet to be sent from the standby unit.

kevburgess Thu, 07/16/2009 - 04:02
User Badges:

That's what I meant by insignificant. I guess I need to keep looking unless someone else has any ideas.


This Discussion