Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
0
Helpful
2
Replies

ASA Dynamic-to-static vpn tunnel

acomiskey
Level 10
Level 10

‎06-05-2007 10:36 AM - edited ‎03-11-2019 03:25 AM

Trying to establish vpn tunnel between a dynamic ip vpn device and a static ASA. Receiving the following logs...

713902 Group = DefaultRAGroup, IP = 75.x.x.223, Removing peer from peer table failed, no match!

713903 Group = DefaultRAGroup, IP = 75.x.x.223, Error: Unable to remove PeerTblEntry

The group which the shared key matches should be DefaultL2LGroup, not DefaultRAGroup. Any help would be great, thanks.

Labels:
0 Helpful
2 Replies 2

acomiskey
Level 10
Level 10

‎06-05-2007 12:33 PM

any guesses?

Do you configure this as a L2L group or as a RA group?

0 Helpful

acomiskey
Level 10
Level 10
In response to acomiskey

‎06-06-2007 07:33 AM

Ok, I got it working, only problem is it takes about 10 minutes to come up...

10:38:14 713902 Group = DefaultRAGroup, IP = 75.x.x.x, Removing peer from peer table failed, no match!

10:47:08 713904 Group = DefaultRAGroup, IP = 75.x.x.x, Received encrypted Oakley Main Mode packet with invalid payloads, MessID = 0

10:47:08 713905 Group = DefaultRAGroup, IP = 75.x.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key. Switching user to tunnel-group: DefaultL2LGroup

10:47:09 713903 Group = DefaultL2LGroup, IP = 75.x.x.x, Freeing previously allocated memory for authorization-dn-attributes

10:47:10 113009 AAA retrieved default group policy (DfltGrpPolicy) for user = DefaultL2LGroup

10:47:10 713119 Group = DefaultL2LGroup, IP = 75.x.x.x, PHASE 1 COMPLETED

10:47:10 713122 IP = 75.x.x.x, Keep-alives configured on but peer does not support keep-alives (type = None)

10:47:16 713075 Group = DefaultL2LGroup, IP = 75.x.x.x, Overriding Initiator's IPSec rekeying duration from 86400 to 28800 seconds

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card