Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Green

ASA Dynamic-to-static vpn tunnel

Trying to establish vpn tunnel between a dynamic ip vpn device and a static ASA. Receiving the following logs...

713902 Group = DefaultRAGroup, IP = 75.x.x.223, Removing peer from peer table failed, no match!

713903 Group = DefaultRAGroup, IP = 75.x.x.223, Error: Unable to remove PeerTblEntry

The group which the shared key matches should be DefaultL2LGroup, not DefaultRAGroup. Any help would be great, thanks.

2 REPLIES
Green

Re: ASA Dynamic-to-static vpn tunnel

any guesses?

Do you configure this as a L2L group or as a RA group?

Green

Re: ASA Dynamic-to-static vpn tunnel

Ok, I got it working, only problem is it takes about 10 minutes to come up...

10:38:14 713902 Group = DefaultRAGroup, IP = 75.x.x.x, Removing peer from peer table failed, no match!

10:47:08 713904 Group = DefaultRAGroup, IP = 75.x.x.x, Received encrypted Oakley Main Mode packet with invalid payloads, MessID = 0

10:47:08 713905 Group = DefaultRAGroup, IP = 75.x.x.x, WARNING, had problems decrypting packet, probably due to mismatched pre-shared key. Switching user to tunnel-group: DefaultL2LGroup

10:47:09 713903 Group = DefaultL2LGroup, IP = 75.x.x.x, Freeing previously allocated memory for authorization-dn-attributes

10:47:10 113009 AAA retrieved default group policy (DfltGrpPolicy) for user = DefaultL2LGroup

10:47:10 713119 Group = DefaultL2LGroup, IP = 75.x.x.x, PHASE 1 COMPLETED

10:47:10 713122 IP = 75.x.x.x, Keep-alives configured on but peer does not support keep-alives (type = None)

10:47:16 713075 Group = DefaultL2LGroup, IP = 75.x.x.x, Overriding Initiator's IPSec rekeying duration from 86400 to 28800 seconds

272
Views
0
Helpful
2
Replies
CreatePlease to create content