02-09-2012 05:51 AM
Hi All
Got a classical remote access vpn with Cisco VPN Client and ASA-5520
Some weeks ago I noticed in my ASA logs this severity 5 Message.
Group = xyz, Username = abc, IP = 84.n.n.n, Duplicate Phase 2 packet detected. No last packet to retransmit.
This message comes with every connect, but then connections works fine.
Remark: See ASA ADSM:
- 1. Duplicated Phase II (!!)
- 2. Phase I
- 3. Phase II
I think we did not change anything in our configs before.
VPN Client 5.0.7.290
Windows 7 Professional
ASA 5520 . 8.2(1)
Thanks for any help.
02-09-2012 07:19 AM
If this is not causing any problem in connectivity then simple you can ignore this msg. Its something caused by phase 1 and phase 2 retransmission may be reason is packet drop or no response.
Thanks
Ajay
02-09-2012 07:28 AM
Yes you are right. But it does fill my sylog collector (Cisco Works). and you can't finde the tree in de forest - the more important logs.
And we did not had this before, suddenly it appeaered.
So I'd like to know what causded this.
Thanks, Martin
02-09-2012 07:31 AM
Difficult to get exact reason but i would guess packet drops if configuration is all set and things were working .
02-09-2012 07:38 AM
Maybe. The thing is that is exactly the same behavier with every user from every point in the world.
Same order of the (duplicate) Packets.
I think I will try to take a trace with Wireshark directly on Outside IF of ASA and put a client there, without Internet Firewall between.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: