Land Attack Error on ASA 5540 when installing ISAKMP/IPSEC Tunnel
I get these two messages when I setup an IPSEC tunnel between two ASA 5540s with 3 or 4 router hops in between. I can't get the tunnel to come up or ping across the network. I was able to ping all hops before this. I saved the working config before I started configuring ISAKMP/IPSEC. My configs are identical except for flipped IP addresses which is appropriate. Has anyone seen this or have an idea how to get the tunnel up?
Error Message %PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to
Explanation The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.
Recommended Action If this message persists, an attack may be in progress. The packet does not provide enough information to determine where the attack originates.
713902 IP = x.x.x.x, Removing peer from table failed, no match!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...