I have ASA 5505's up until yesterday they had a working VPN for months. Yesterday we had to change the public IP's for both 5505's. The first ASA #1 has about a dozen VPN's configured on it and is having no other issues except for this particular VPN. The other ASA #2 also had it's IP changed yesterday it has had problems with 2 of 5 different VPN's. One of the two VPN's is connecting to #1. When you try to initiate the connection from #1 I get tons of errors:
5 Sep 03 2009 21:36:00 713257 Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
Dozen's of these before the VPN finally connects. I can't for the life of me find any different settings between the two of them. If they are set to use aggressive mode the VPN will still get all the errors but will not come up. I've deleted it on both sides and re-created it, still doesn't work right.
I presume that you have multiple ISAKMP policies configured?. Are the ISAKMP policies listed in the same order on both sides? as the initiating side will send its proposal and compare against the peers first, and then the second if no match is found..
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...