Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ipsec vpn tunnel dies between ASA and Avaya hardphone

Hello,

I have built an environmnet where ASA firewalls terminte ipsec vpn connection for Avaya Hard Phones.

(Avaya Hard Phones have the ability to create vpn to other party and using this secure tunnel for voice

traffic.)

The vpn connection is working but sometimes unexpectedly terminiates and this is what I see on ASA log files:

Jan 17 13:33:31 10.36.200.61 %ASA-5-713068: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, Received non-routine Notify message: Invalid Payload (1)

Jan 17 13:33:39 10.36.200.61 %ASA-5-713068: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, Received non-routine Notify message: Invalid Payload (1)

Jan 17 13:33:47 10.36.200.61 %ASA-5-713068: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, Received non-routine Notify message: Invalid Payload (1)

Jan 17 13:33:53 10.36.200.61 %ASA-6-602304: IPSEC: An outbound remote access SA (SPI= 0xE9D75704) between 195.56.x.x and 176.63.x.x (user= VpnPhoneUsername1) has been deleted.

Jan 17 13:33:53 10.36.200.61 %ASA-6-602304: IPSEC: An inbound remote access SA (SPI= 0x2BE03030) between 176.63.x.x and 195.56.x.x (user= VpnPhoneUsername1) has been deleted.

Jan 17 13:33:55 10.36.200.61 %ASA-3-713902: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, QM FSM error (P2 struct &0x73e0f658, mess id 0x7510c1a9)!

Jan 17 13:33:55 10.36.200.61 %ASA-5-713259: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, Session is being torn down. Reason: Lost Service

Jan 17 13:33:55 10.36.200.61 %ASA-6-713273: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, Deleting static route for client address: 10.136.11.25

Jan 17 13:33:55 10.36.200.61 %ASA-4-113019: Group = VpnPhone, Username = VpnPhoneUsername1, IP = 176.63.x.x, Session disconnected. Session Type: IPsecOverNatT, Duration: 2d 0h:28m:12s, Bytes xmt: 29983482, Bytes rcv: 3864271, Reason: Lost Service

Jan 17 13:33:55 10.36.200.61 %ASA-6-737016: IPAA: Freeing local pool address 10.136.11.25

I do not find the cause of this error. Do you have any idea?

few info about vpn settings:

I am using main mode, no-pfs, xauth.

PH1: 3des-sha1-esp

PH2: 3des-sha1

Thanks,

Andras

4 REPLIES
Bronze

ipsec vpn tunnel dies between ASA and Avaya hardphone

If we could get more on this:

Received non-routine Notify message: Invalid Payload (1)

received from the Avaya we could tell you more.

Debug with a high level, e.g.255, includes the raw isakmp resp. ikev2 message.

If you can't do that you need to contact Avaya support.

New Member

Re: ipsec vpn tunnel dies between ASA and Avaya hardphone

hi,

ok. I attach the debug log when the disconnection happened.

debug settings:

logging list vpn-debug level debugging class vpn

logging trap vpn-debug

I checked the log but to be honest it did not help me too much.

Thanks for helping,

Andras

Message was edited by: Andras Horvai

New Member

Re: ipsec vpn tunnel dies between ASA and Avaya hardphone

Hi,

Anybody? Any idea?

Andras

New Member

Hi Andras,Were you ever able

Hi Andras,

Were you ever able to resolve this? We are seeing similar invalid payload messages with the Avaya hard phones connecting to the VPN.

 

Thanks

506
Views
0
Helpful
4
Replies