vpn tunnel issues

Hi,

I am getting the below messages on my Cisco ASA 5520; during this time the tunnel is down. I just want to check whether the problem is at the remote FW or with the ASA.

local fw: asa

remote fw : check point UTM edge

jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, removing peer from correlator table failed, no match!

jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, qm fsm error (p2 struct &0xd1884f20, mess id 0xb449e909)!

jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 3024742665

jan 12 2012 10:51:23: %%asa-6-602304: ipsec: an outbound lan-to-lan sa (spi= 0x77bac51f) between 125.16.27.18 and 203.179.86.179 (user= 203.179.86.179) has been deleted.

jan 12 2012 10:51:23: %%asa-6-602304: ipsec: an inbound lan-to-lan sa (spi= 0xba125457) between 125.16.27.18 and 203.179.86.179 (user= 203.179.86.179) has been deleted.

jan 12 2012 10:51:23: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, removing peer from correlator table failed, no match!

jan 12 2012 10:51:23: %%asa-5-713050: group = 203.179.86.179, ip = 203.179.86.179, connection terminated for peer 203.179.86.179.  reason: peer terminate  remote proxy 192.168.211.0, local proxy 10.158.0.0

jan 12 2012 10:51:23: %%asa-4-113019: group = 203.179.86.179, username = 203.179.86.179, ip = 203.179.86.179, session disconnected. session type: ipsec, duration: 0h:01m:05s, bytes xmt: 29911, bytes rcv: 5310, reason: crypto map policy not found

jan 12 2012 10:51:24: %%asa-6-713219: group = 203.179.86.179, ip = 203.179.86.179, queuing key-acquire messages to be processed when p1 sa is complete.

jan 12 2012 10:51:25: %%asa-6-713219: group = 203.179.86.179, ip = 203.179.86.179, queuing key-acquire messages to be processed when p1 sa is complete.

jan 12 2012 10:51:29: %%asa-5-713201: group = 203.179.86.179, ip = 203.179.86.179, duplicate phase 2 packet detected.  retransmitting last packet.

jan 12 2012 10:51:30: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 4241327105

jan 12 2012 10:51:32: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 4241327105

Thanks,

Sridhar


4 REPLIES

vpn tunnel issues

Hello Sridhar,

You are building a site-to-site between these two locations. On log %%asa-4-113019 we can see that there is no crypto map policy found for that connection, so you will need to check the crypto map configuration on this ASA and check whether it has the right policies for the site-to-site with the other VPN endpoint.

Hope this helps.

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
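As an added example (not part of the thread and not Cisco tooling), this Python sketch groups the ASA syslog lines from the question by peer and pulls out the disconnect reasons, the phase 2 proxy pair and the quick mode message IDs flagged with invalid payloads, so the proxy pair can be compared by hand with the crypto map ACL on each side. The sample lines are copied from the log in the question; the function and field names are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the log posted in the question above.
SAMPLE = """\
jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 3024742665
jan 12 2012 10:51:23: %%asa-5-713050: group = 203.179.86.179, ip = 203.179.86.179, connection terminated for peer 203.179.86.179.  reason: peer terminate  remote proxy 192.168.211.0, local proxy 10.158.0.0
jan 12 2012 10:51:23: %%asa-4-113019: group = 203.179.86.179, username = 203.179.86.179, ip = 203.179.86.179, session disconnected. session type: ipsec, duration: 0h:01m:05s, bytes xmt: 29911, bytes rcv: 5310, reason: crypto map policy not found
jan 12 2012 10:51:30: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 4241327105
jan 12 2012 10:51:32: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 4241327105
"""

LINE = re.compile(r"%+asa-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)", re.I)
PEER = re.compile(r"\bip = (?P<ip>[\d.]+)", re.I)
REASON = re.compile(r"reason: (?P<reason>.+?)(?=\s+remote proxy|$)", re.I)
PROXY = re.compile(r"remote proxy (?P<remote>[\d.]+), local proxy (?P<local>[\d.]+)", re.I)
MESSID = re.compile(r"messid = (?P<id>\d+)", re.I)

def summarize(text):
    """Group ASA VPN syslog lines by peer IP; lines without 'ip = ' are skipped."""
    peers = {}
    for line in text.splitlines():
        m, p = LINE.search(line), PEER.search(line)
        if not (m and p):
            continue
        s = peers.setdefault(p["ip"], {"ids": Counter(), "reasons": [],
                                       "proxies": set(), "bad_qm": Counter()})
        body = m["body"]
        s["ids"][m["id"]] += 1                      # count per syslog message ID
        if (r := REASON.search(body)):
            s["reasons"].append((m["id"], r["reason"].strip()))
        if (x := PROXY.search(body)):               # phase 2 identities seen on teardown
            s["proxies"].add((x["local"], x["remote"]))
        if "invalid payloads" in body and (q := MESSID.search(body)):
            s["bad_qm"][q["id"]] += 1               # same messid repeated = peer retransmit
    return peers

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, dict(s["ids"]), s["reasons"], s["proxies"], dict(s["bad_qm"]))
```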

Re: vpn tunnel issues

The crypto map is very much configured. Interestingly, the FW is throwing this error message. The tunnel is up; when it is down I am getting this error message. Is this a bug in the IOS or something? How do I fix this?

Thanks,

Sridhar

Re: vpn tunnel issues

What version are you running? I do not think this is a bug, but I will research this for you.

Regards,

Julio


Re: vpn tunnel issues

Thanks a lot. Please find the details.

Cisco Adaptive Security Appliance Software Version 8.2(1)

Device Manager Version 6.3(4)

System image file is "disk0:/asa821-k8.bin"
