
Remote Access VPN

blackswans
Level 1

Hi,

Remote Access VPN started to fail suddenly on our 5510 firewall. We restored to an old backup config and restarted, but the issue wasn't resolved. What can be the problem?

Regards.

 

364    16:50:05.427  04/01/14  Sev=Info/4 IKE/0x63000058
Received an ISAKMP message for a non-active SA, I_Cookie=702C17A3E112A99F R_Cookie=6EEDB74464AA8C54
 
365    16:50:05.427  04/01/14  Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(Dropped) from 213.74.123.2
 
366    16:50:05.542  04/01/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
367    16:50:08.588  04/01/14  Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=702C17A3E112A99F R_Cookie=6EEDB74464AA8C54) reason = DEL_REASON_IKE_NEG_FAILED
 
368    16:50:08.588  04/01/14  Sev=Info/4 CM/0x63100012
Phase 1 SA deleted before first Phase 2 SA is up cause by "DEL_REASON_IKE_NEG_FAILED".  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
 
369    16:50:08.588  04/01/14  Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
 
370    16:50:08.592  04/01/14  Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
 
371    16:50:08.592  04/01/14  Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
 
372    16:50:08.594  04/01/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
373    16:50:08.594  04/01/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
374    16:50:08.594  04/01/14  Sev=Info/4 IPSEC/0x63700014
Deleted all keys
 
375    16:50:08.594  04/01/14  Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
2 Replies

Richard Burts
Hall of Fame

What you have posted appears to be from the log of the IPSec VPN client. But it shows only the last little bit of activity and does not show us the attempts to negotiate. Perhaps more of the log from the client might be helpful, but I believe that the best thing that you could give us is what is happening on the 5510. I would start with logs from the 5510 during the time that the client is attempting to connect, and perhaps the relevant parts of the 5510 config.

 

HTH

 

Rick


This error is generally seen when your transform-set mode is set to transport instead of tunnel.

Transport mode is not supported for RA VPN.  You must use Tunnel mode for the IPSec Transform set as we need to maintain the inside IP header so that once the packet is decapsulated and decrypted at the IPSec head end it can forward the packet.
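
The check described in the last reply, as an added example that is not part of the original thread: a Python script that reads ASA-style configuration text and reports crypto map entries that reference a transform set in transport mode. The sample configuration and every name in it are constructed, and the script assumes the `crypto ipsec [ikev1] transform-set` and `set [ikev1] transform-set` command forms.

```python
import re

# Constructed sample in ASA-style syntax; all names are illustrative,
# none of them come from the thread.
SAMPLE_CONFIG = """\
crypto ipsec transform-set RA-TUNNEL esp-aes esp-sha-hmac
crypto ipsec transform-set RA-TRANSPORT esp-3des esp-sha-hmac
crypto ipsec transform-set RA-TRANSPORT mode transport
crypto dynamic-map RA-DYN 10 set transform-set RA-TRANSPORT
crypto dynamic-map RA-DYN 20 set transform-set RA-TUNNEL
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic RA-DYN
"""

# "ikev1" is optional so both older and newer command forms are accepted.
TS_RE = re.compile(r"^crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)$")
MAP_RE = re.compile(
    r"^crypto (?:dynamic-map|map) (\S+) (\d+) set (?:ikev1 )?transform-set (.+)$"
)

def transform_set_modes(config):
    """Map each transform-set name to its mode; tunnel is the default."""
    modes = {}
    for line in config.splitlines():
        m = TS_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        modes.setdefault(name, "tunnel")
        if rest.startswith("mode "):
            modes[name] = rest.split()[1]
    return modes

def transport_mode_references(config):
    """Return (map name, sequence, transform set) for transport-mode references."""
    modes = transform_set_modes(config)
    findings = []
    for line in config.splitlines():
        m = MAP_RE.match(line.strip())
        if not m:
            continue
        map_name, seq, names = m.groups()
        for ts in names.split():
            if modes.get(ts) == "transport":
                findings.append((map_name, int(seq), ts))
    return findings

if __name__ == "__main__":
    for map_name, seq, ts in transport_mode_references(SAMPLE_CONFIG):
        print(f"{map_name} seq {seq}: transform set {ts} is in transport mode")
```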