I'm having problems with a VPN L2L disconnection. It is done with Linux CentOS, establishing the VPN, but after restart the desert. I send the log link:
Could not find centry for IPSec SA delete with reason message - SPI 0x180DFA53
Can you please share your config and running version?
When has this started appearing? Does a reload help for a while? Is NAT-T in use? etc etc
Thank you, the configuration is:
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
crypto map outside_vpn 7 match address outside_cryptomap_5
crypto map outside_vpn 7 set peer x.x.x.x
crypto map outside_vpn 7 set transform-set ESP-AES-256-SHA
access-list outside_cryptomap_5 line 1 extended permit ip object-group CIBERSONSSV host x.x.x.x
access-list outside_cryptomap_5 line 1 extended permit ip host 10.19.x.x0 host 72.24.x.x (hitcnt=606)
access-list outside_cryptomap_5 line 1 extended permit ip host 10.19.x.x host 72.24.x.x (hitcnt=39
The version of IOS is 8.0.4-k8, and yes, NAT-T.
Is the remote peer behind a NAT device?
I mean to say that the CentOS Linux machine has a private IP that's being NATted by any device in between? Also, Linux isn't running iptables? If it is, then try after shutting down iptables.
If not, then try to clear the crypto SAs and send interesting traffic.
To add to post above.
There is nothing fixed from 8.0.4 on in the 8.0 train that would seem like a bug.
Debugging + capture might be a good way to start dealing with this.
Can you please clarify a few things?
1> Is it a tunnel between an ASA and a Linux router (CentOS)?
2> If the Linux side is just a host and you want to encrypt traffic between that Linux server and your clients, then is that Linux machine behind a NAT device?
3> Post debug from the ASA: debug crypto isakmp & ipsec sa?
4> Post debug from Linux --> cat /etc/ipsec.secrets and match the PSK on both sides?
5> cat /etc/sysconfig/network-scripts/ifcfg-ipsecx ?
1.- Yes, the tunnel is between the ASA and CentOS Linux.
2.- I want to encrypt traffic between that Linux server and not client the server
Please clarify - I understand that the tunnel comes up fine, but when you restart the Linux server, after that the tunnel does not come up fine.
I haven't read the entire thread, so I'm just trying to understand.
If what I think is right, then there is one side which is not bringing down the tunnel entirely. Before I proceed further on this line, I would like your confirmation.
I mention the following: the tunnel is established between the ASA and the CentOS Linux server, passes phase 1 and phase 2, but after settling the tunnel goes down.
To debug I put in the ASA to find a solution to this problem.
Thanks for your help.
Please enable the conditional debugs and paste the output:
debug crypto condition peer
debug crypto isakmp 127
debug crypto ipsec 127