01-07-2014 01:03 PM - edited 02-21-2020 07:25 PM
Hey everyone, been in here several times with the same problem.
I run several ASAs on several internet providers that all fail on a L2L to a remote site. On the remote site we have tried Palo Alto, Fortigate, Cisco ASA5505. On the local site I run a 5555-X and a 5550.
The config is correct and the ipsec can run normally for 1 hour to 14 days, then it drops; after that both firewalls complain about duplicate phase 1 packets. This for me seems like one of the FWs could have a wrong route or something, but everything checks out. I can ping and access https for example on the remote box, it only fails on L2L. Different public IPs have been used to rule out a duplicate IP on the remote site.
Attached are error logs from both boxes, they are almost identical. I have contacted the ISP on the remote site for assistance, but not much help.
The local and remote sites all run other tunnels ok (100+).
I have been working on this for 4 months and I'm about to go totally loopy!
Can anyone assist?
Regards, J.
01-09-2014 02:49 AM
Just one thing, why do I see "Aggressive mode" for Phase 1? Is that on purpose?
Also, could you try to capture the IKE packets just to make sure that all packets arrive or are sent on both sides?
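Added example, not part of this thread and not a Cisco tool: a small Python script that reads the fixed ISAKMP header of each captured UDP/500 payload, reports which exchange type (main or aggressive mode) each phase 1 packet uses, and flags retransmits and phase 1 initiations that never got a responder SPI, which is the pattern behind the "duplicate phase 1 packet" messages seen on both peers. It assumes you have already exported the UDP payloads from captures taken on each firewall (for UDP/4500 you would first strip the 4-byte non-ESP marker); the sample capture at the bottom is constructed, not real traffic.

```python
"""Parse IKE/ISAKMP headers from captured UDP/500 payloads and flag retransmits.

Added example for illustration; not code from the forum thread or from Cisco.
Assumption: `packets` is a list of (direction, udp_payload) tuples exported
from captures on each peer, in capture order.
"""
import struct
from collections import Counter, defaultdict

ISAKMP_HDR_LEN = 28  # RFC 2408 section 3.1 fixed header size

# Exchange-type values from RFC 2408/2409 (IKEv1) and RFC 7296 (IKEv2)
EXCHANGE_TYPES = {
    2: "main mode",          # IKEv1 identity protection (phase 1)
    4: "aggressive mode",    # IKEv1 aggressive (phase 1)
    5: "informational",
    32: "quick mode",        # IKEv1 phase 2
    34: "IKE_SA_INIT",       # IKEv2
    35: "IKE_AUTH",
    36: "CREATE_CHILD_SA",
    37: "INFORMATIONAL",
}
PHASE1_EXCHANGES = ("main mode", "aggressive mode", "IKE_SA_INIT")
ZERO_SPI = "00" * 8


def parse_isakmp_header(payload):
    """Return the fixed ISAKMP header fields of one UDP payload as a dict."""
    if len(payload) < ISAKMP_HDR_LEN:
        raise ValueError("payload shorter than an ISAKMP header")
    (i_spi, r_spi, _next_payload, version, exch_type,
     flags, msg_id, length) = struct.unpack("!8s8sBBBBII", payload[:ISAKMP_HDR_LEN])
    return {
        "initiator_spi": i_spi.hex(),
        "responder_spi": r_spi.hex(),
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(exch_type, f"unknown({exch_type})"),
        "flags": flags,
        "message_id": msg_id,
        "length": length,
        "truncated": length > len(payload),  # header claims more than captured
    }


def build_isakmp(i_spi, r_spi, exch_type, flags=0, msg_id=0, body=b"", version=0x10):
    """Build a synthetic ISAKMP packet (constructed test data, not a real capture)."""
    length = ISAKMP_HDR_LEN + len(body)
    return struct.pack("!8s8sBBBBII", i_spi, r_spi, 1, version,
                       exch_type, flags, msg_id, length) + body


def analyse_capture(packets):
    """Count exchange types, list retransmits and unanswered phase 1 initiations.

    A retransmit is the same header and length seen again in the same direction.
    A phase 1 initiation is unanswered when no packet for that initiator SPI
    ever carries a non-zero responder SPI.
    """
    seen = Counter()
    exchange_counts = Counter()
    retransmits = []
    answered = defaultdict(bool)  # initiator SPI -> a responder SPI was seen
    for direction, payload in packets:
        h = parse_isakmp_header(payload)
        exchange_counts[h["exchange"]] += 1
        key = (direction, h["initiator_spi"], h["responder_spi"],
               h["exchange"], h["message_id"], h["length"])
        seen[key] += 1
        if seen[key] > 1:
            retransmits.append({"direction": direction,
                                "initiator_spi": h["initiator_spi"],
                                "exchange": h["exchange"],
                                "count": seen[key]})
        if h["exchange"] in PHASE1_EXCHANGES:
            if h["responder_spi"] != ZERO_SPI:
                answered[h["initiator_spi"]] = True
            else:
                answered.setdefault(h["initiator_spi"], False)
    unanswered = sorted(spi for spi, ok in answered.items() if not ok)
    return {"exchange_counts": dict(exchange_counts),
            "retransmits": retransmits,
            "unanswered_phase1": unanswered}


# Constructed sample capture: one healthy main mode exchange, one aggressive mode
# exchange, and one main mode initiation that is sent three times with no reply.
SPI_A, SPI_B = bytes.fromhex("11" * 8), bytes.fromhex("22" * 8)
SPI_C, SPI_D, SPI_E = bytes.fromhex("33" * 8), bytes.fromhex("44" * 8), bytes.fromhex("55" * 8)
ZERO = bytes(8)
SAMPLE_CAPTURE = [
    ("local->remote", build_isakmp(SPI_A, ZERO, 2, body=b"\x00" * 40)),
    ("remote->local", build_isakmp(SPI_A, SPI_B, 2, body=b"\x00" * 40)),
    ("remote->local", build_isakmp(SPI_D, ZERO, 4, body=b"\x00" * 60)),
    ("local->remote", build_isakmp(SPI_D, SPI_E, 4, body=b"\x00" * 60)),
    ("local->remote", build_isakmp(SPI_C, ZERO, 2, body=b"\x00" * 40)),
    ("local->remote", build_isakmp(SPI_C, ZERO, 2, body=b"\x00" * 40)),
    ("local->remote", build_isakmp(SPI_C, ZERO, 2, body=b"\x00" * 40)),
]

if __name__ == "__main__":
    for line in analyse_capture(SAMPLE_CAPTURE).items():
        print(*line)
```

Run it against the exported payloads from both firewalls: if the local capture shows repeated initiations for a SPI that the remote capture never contains, the packets are being lost in transit (or rewritten by a NAT or ISP device) rather than rejected by the far peer; if both sides show the same SPI but only one side shows the reply, the loss is on the return path.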
01-11-2014 11:11 AM
Aggressive was on purpose; I was doing a test when I took the log. It was never used when the problem occurred.
I have now received a new IP from the remote ISP, some problems were discovered and I'm waiting to see if the tunnel goes down again.
Sent from Cisco Technical Support iPhone App