12-20-2008 05:09 AM - edited 02-21-2020 04:06 PM
Dear Team
I am facing a problem connecting the Cisco VPN Client to an ASA5510. Following are the debug results:
---
Mar 26 05:09:19 [IKEv1]: IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 850
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing SA payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing ke payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing ISA_KE payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing nonce payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing ID payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing VID payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, Received xauth V6 VID
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing VID payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, Received DPD VID
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing VID payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, Received NAT-Traversal ver 02 VID
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing VID payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, Received Fragmentation VID
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, processing VID payload
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = x.x.x.x, Received Cisco Unity client VID
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = x.x.x.x, processing IKE SA payload
Mar 26 05:09:19 [IKEv1]: IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 596
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = x.x.x.x, All SA proposals found unacceptable
Mar 26 05:09:19 [IKEv1]: IP = x.x.x.x, All IKE SA proposals found unacceptable!
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = x.x.x.x, IKE AM Responder FSM error history (struct &0x46fdbf0) <state>, <event>: AM_DONE, EV_ERROR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_START_AM-->AM_START, EV_START_AM
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = x.x.x.x, IKE SA AM:05ac4df5 terminating: flags 0x0100c001, refcnt 0, tuncnt 0
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = x.x.x.x, sending delete/delete with reason message
Mar 26 05:09:19 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Removing peer from peer table failed, no match!
Mar 26 05:09:19 [IKEv1]: Group = DefaultRAGroup, IP = x.x.x.x, Error: Unable to remove PeerTblEntry
------------
Kindly help in configuring the ASA for connecting the Cisco VPN client.
Regards
ARjun
12-20-2008 07:15 AM
Arjun,
Your issue is with your IKE configuration:-
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = x.x.x.x, All SA proposals found unacceptable
Mar 26 05:09:19 [IKEv1]: IP = x.x.x.x, All IKE SA proposals found unacceptable!
This means the client cannot agree acceptable IKE encryption settings. Review your configuration and re-test.
HTH
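Added example, not part of the thread or any Cisco tool: a Python triage script for terminal-wrapped IKEv1 debug output like the above, reporting per peer the tunnel group, Phase 1 mode, vendor IDs and whether every proposal was rejected. The function names are hypothetical, the sample is constructed from the post's messages, and reading "AM" as Aggressive Mode with the FSM history printed newest-first is an assumption.

```python
import re

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \[IKEv1")

# Constructed sample (post's messages, same wrapping; 192.0.2.10 replaces x.x.x.x).
SAMPLE = """\
Mar 26 05:09:19 [IKEv1 DEBUG]: IP = 192.0.2.10, Received NAT-Traversal ver 02 V
ID
Mar 26 05:09:19 [IKEv1]: IP = 192.0.2.10, All IKE SA proposals found unacceptab
le!
Mar 26 05:09:19 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 192.0.2.10, IKE AM
Responder FSM error history (struct &0x46fdbf0) <state>, <event>: AM_DONE, EV_
ERROR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_START, EV_START_AM
"""

def records(text):
    """Merge wrapped continuation lines; drop whitespace so split words match."""
    out = []
    for line in text.splitlines():
        compact = re.sub(r"\s+", "", line)
        if STAMP.match(line) or not out:
            out.append(compact)
        else:
            out[-1] += compact
    return out

def triage(text):
    """Per peer IP: tunnel group, Phase 1 mode, vendor IDs, rejection, FSM path."""
    peers = {}
    for rec in records(text):
        m = re.search(r"IP=([^,]+),(.*)", rec)
        if not m:
            continue
        body = m.group(2)
        p = peers.setdefault(m.group(1), {"group": None, "mode": None,
                                          "vids": [], "rejected": False, "fsm": []})
        if g := re.search(r"Group=([^,]+),", rec):
            p["group"] = g.group(1)
        if v := re.fullmatch(r"Received(.+)VID", body):
            p["vids"].append(v.group(1))
        if "AllIKESAproposalsfoundunacceptable" in body:
            p["rejected"] = True
        if f := re.search(r"IKE(AM|MM)ResponderFSMerrorhistory.*<event>:(.+)", body):
            p["mode"] = "Aggressive" if f.group(1) == "AM" else "Main"
            # Assumption: history is printed newest-first, so reverse it.
            p["fsm"] = f.group(2).split("-->")[::-1]
    return peers

if __name__ == "__main__":
    print(triage(SAMPLE))
```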