peer-id-validate

Anatoly Fanrus
Level 1

Hello,

Please explain to me what it means.

Debug from ASA:

Feb 13 11:12:31 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Removing peer from correlator table failed, no match!
Feb 13 11:12:31 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Session is being torn down. Reason: User Requested

After I configured the following command, "peer-id-validate nocheck", everything is OK.

tunnel-group X.X.X.X ipsec-attributes

ikev1 pre-shared-key xxxx
peer-id-validate nocheck

Is it safe to use it?


Poonam Garg
Level 3

Hello Anatoly,

This debug output is generally seen when there is a mismatch of the IPsec transform-set between two peers or a mismatch of proxy ACLs in phase 2.

Whereas the peer-id-validate command specifies the use of certificates. The nocheck parameter specifies that certificates will not be used (pre-shared keys will be used instead with the pre-shared-key command). The req parameter specifies that certificates must be used with the remote peer, or a tunnel won't be built. The default setting for this command is req, unless you configure a pre-shared key.

I don't find any connection between the two.

HTH
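
An added example, not part of the original thread and not Cisco tooling: a small Python audit that reads an ASA configuration and reports, for each tunnel-group, the peer-id-validate setting and whether a pre-shared key is configured, so tunnels running with nocheck can be listed for review. The sample configuration, its addresses and the trust-point name TP1 are constructed, and treating req as the default follows the reply above.

```python
import re

# Constructed sample configuration (documentation-range addresses, masked keys).
SAMPLE_CONFIG = """\
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate nocheck
tunnel-group 192.0.2.20 type ipsec-l2l
tunnel-group 192.0.2.20 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 192.0.2.30 ipsec-attributes
 ikev1 trust-point TP1
 peer-id-validate cert
"""

HEADER = re.compile(r"tunnel-group (\S+) ipsec-attributes$")
SETTING = re.compile(r"peer-id-validate (req|cert|nocheck)$")


def audit_peer_id_validate(config_text):
    """Map each tunnel-group to its peer-id-validate value and PSK use."""
    results, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            # Assumption: no explicit line means the default, req.
            results[current] = {"peer_id_validate": "req",
                                "explicit": False, "psk": False}
            continue
        if current is None:
            continue
        setting = SETTING.match(line)
        if setting:
            results[current].update(peer_id_validate=setting.group(1),
                                    explicit=True)
        elif line.startswith("ikev1 pre-shared-key"):
            results[current]["psk"] = True
        elif line and not raw[0].isspace():
            current = None  # any other top-level command closes the block
    return results


def nocheck_groups(results):
    """Tunnel-groups that disable peer ID validation, sorted for reporting."""
    return sorted(g for g, r in results.items()
                  if r["peer_id_validate"] == "nocheck")
```

The parser also accepts the unindented form pasted in the question, since forum rendering often strips the leading space of sub-commands.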