Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Land Attack Error on ASA 5540 when installing ISAKMP/IPSEC Tunnel

I get these two messages when I setup an IPSEC tunnel between two ASA 5540s with 3 or 4 router hops in between. I can't get the tunnel to come up or ping across the network. I was able to ping all hops before this. I saved the working config before I started configuring ISAKMP/IPSEC. My configs are identical except for flipped IP addresses which is appropriate. Has anyone seen this or have an idea how to get the tunnel up?


Error Message %PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to


Explanation The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.

Recommended Action If this message persists, an attack may be in progress. The packet does not provide enough information to determine where the attack originates.

713902 IP = x.x.x.x, Removing peer from table failed, no match!

Error Message %PIX|ASA-3-713902 descriptive_event_string

Explanation This system log message could have several possible text strings describing an error. This may be the result of a configuration error either on the headend or remote access client.

Recommended Action It might be necessary to troubleshoot the configuration to determine the cause of the error. Check the ISAKMP and crypto map configuration on both peers.


  • VPN
New Member

Re: Land Attack Error on ASA 5540 when installing ISAKMP/IPSEC T

A tunnel is formed using IPsec. IPsec is a combination of open standards that provide data confidentiality, data integrity, and data origin authentication between IPsec peers.

This widget could not be displayed.