Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

VPN 3002 Hardware Client to ASA 5502 Problems

I trying to connect a VPN 3002 HC to a ASA 3002. Using the "VPN Wizard" I did a step-by-step configuration on the ASA. I believe my problem resides on the 3002. On the ASA I'm getting the followering errors.

%ASA-3-713123: Group = xxxxx, IP = x.x.x.x, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)

%ASA-4-113019: Group = xxxxx, Username = xxxxx, IP = x.x.x.x, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h

:00m:23s, Bytes xmt: 0, Bytes rcv: 0, Reason: Lost Service.

Any help would be greatful !

  • Other Security Subjects
1 REPLY
New Member

Re: VPN 3002 Hardware Client to ASA 5502 Problems

Also on the ASA I believe Phase 1 is working. Under monitor I see IKE seems to be working. I believe I'm having Phase 2 issues.

ID - 1

Type- IKE

Encryption - 3DES-168

Other - Authentication Mode: preSharedKeys

UDP Source Port: 500

UDP Destination Port: 500

IKE Negotiation Moded: Aggressive

Hashing:SHA1

Diffie-Hellman Group:2

Rekey Time Interval:86400 Secords

Rekey Left(T):86397 Secords

IKE Peer: x.x.x.x

Type: L2l Role: responder

Rekey: no State: AM_ACTIVE

Encrypt: 3des Hash: SHA

Auth: preshared Lifetime: 86400

Lifetime Remaining : 86388

On the Cisco 3002 I'm seeing the Following:

28255 03/24/2006 10:07:14.990 SEV=4 IKE/41 RPT=2226 x.x.x.x

IKE Initiator: New Phase 1, Intf 12, IKE Peer x.x.x.x

local Proxy Address x.x.x.x, remote Proxy Address x.x.x.x,

SA (ESP-3DES-MD5)

28258 03/24/2006 10:07:15.200 SEV=5 IKEDBG/64 RPT=2225 x.x.x.x

IKE Peer included IKE fragmentation capability flags:

Main Mode: True

Aggressive Mode: True

28260 03/24/2006 10:07:15.350 SEV=5 IKE/172 RPT=2225 x.x.x.x

Group [test]

Automatic NAT Detection Status:

Remote end is NOT behind a NAT device

This end is NOT behind a NAT device

28264 03/24/2006 10:07:15.410 SEV=5 IKE/73 RPT=2214 x.x.x.x

Group [test]

Responder forcing change of IKE rekeying duration from 2147483647 to 86400 secon

ds

601
Views
0
Helpful
1
Replies