Hi I've been trying to set up a Lan-to-Lan conneciton on my concentrator which connects to another 3000 concentrator. I'm able to ping his peer but I send traffic over the tunnel to bring it up I receive the follow message:
2330 05/03/2007 19:21:26.210 SEV=5 IKE/0 RPT=303
Received an un-encrypted Invalid Cookie notify message, dropping
I was trying to find out this means but no luck as of yet. Does anyone know what this means?
Seems like we got a message which was un-encrypted but should have been encrypted from the remote peer.
I would be able to guide you in the right direction, if you could please provide me the debugs from both the concentrators...
AUTH, AUTHDBG, IKE, IKEDBG, IPSEC, IPSECDBG for severities 1-13. Set those, and clear the logs on the monitoring section and try to pass traffic. After that, click on GETLOG and then send the logs in text format.
It would be nice to get the debugs to figure out what is happening before and after this error messages. The QM FSM error means Quick Mode Finite State Machine error. Which really means, the concentrator got something which it really wasnt expecting.
So, an error occured....Now we need to see the debugs at what face this error happened. Please run the debugs that I asked earlier and we can troubleshoot where the problem might be.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...