IPsec from ASA 7.23 to Juniper M7i router - MM_WAIT_MSG3
I have set up an IPsec connection between my ASA 5520 and a partner's Juniper M7i router. Everything seems ok as far as matched settings, etc., however I see 2 ISAKMP peers when I do a show crypto isakmp sa:
6 IKE Peer: 184.108.40.206
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
8 IKE Peer: 220.127.116.11
Type : user Role : responder
Rekey : no State : MM_WAIT_MSG3
Traffic seems to be passing okay, but this MM_WAIT_MSG3 message has me concerned. My guess is that some parameter isn't matching, but like I said, everything appears to match. Anyone run into this, and if so, how did you correct it? Thanks in advance!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...