New Member

peer-id-validate

Hello,

please explain to me what it means.

Debug  from ASA

Feb 13 11:12:31 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Removing peer from correlator table failed, no match!
Feb 13 11:12:31 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Session is being torn down. Reason: User Requested

After i configured the following command "peer-id-validate nocheck"  everything is ok.

tunnel-group X.X.X.X ipsec-attributes

ikev1 pre-shared-key xxxx
peer-id-validate nocheck

Is it safe to use it.

1 REPLY
Silver

Re: peer-id-validate

Hello Anatoly,

This debug output is generally seen when there is a mismatch of ipsec transform-set between two peers or mismatch of Proxy Acls in phase 2.

Whereas the peer-ip-validate command specifies the use of certificates.The nocheck parameter specifies that certificates will not be used (pre-shared keys will be used instead with the pre-shared-key command). The req parameter specifies that certificates must be used with the remote peer, or a tunnel won’t be built. The default setting for this command is req, unless you configure a pre-shared key.

I don't find any connection between the two.

HTH

430
Views
0
Helpful
1
Replies
CreatePlease to create content