06-10-2007 07:18 AM - edited 03-11-2019 03:27 AM
Hello All,
When a remote user connects via the VPN client, they experience a disconnection a few seconds after they have authenticated successfully.
I checked the ASA logs and notice the following msg:
%ASA-4-402123: CRYPTO: The ASA hardware accelerator encountered an error (Invalid IP Version, code= 0x17) while executing the command Write IPSec Outbound SA (0x4014).
I checked the what this error msg means and its recommended action was to contact the TAC. The ASA 5520 is brand new out of the box
Could the community help me troubleshoot this issue.
The sh ver is as follows:
######## sh ver
Cisco Adaptive Security Appliance Software Version 7.1(2)
Device Manager Version 5.1(2)
Compiled on Tue 14-Mar-06 17:00 by dalecki
System image file is "disk0:/asa712-k8.bin"
Config file at boot was "startup-config"
###### up 5 days 17 hours
Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0 : address is 001a.6dea.4946, irq 9
1: Ext: GigabitEthernet0/1 : address is 001a.6dea.4947, irq 9
2: Ext: GigabitEthernet0/2 : address is 001a.6dea.4948, irq 9
3: Ext: GigabitEthernet0/3 : address is 001a.6dea.4949, irq 9
4: Ext: Management0/0 : address is 001a.6dea.4945, irq 11
5: Int: Not licensed : irq 11
6: Int: Not licensed : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
Serial Number: ########
Running Activation Key: #####
Configuration register is 0x1
Configuration last modified by enable_15 at 08:01:59.725 UTC Sun Jun 10 2007
06-14-2007 08:09 AM
It may due to remote peer sends wrong ESP packet. need to check crypto configuration.
Also check this Bug -id's: CSCsc64621.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide