Cisco Support Community
New Member

Removing peer from peer table failed, no match - Disconnected User

Hello all!

I have a remote site that connects via a vpn 3005 hardware client to an asa5510 for vpn access, along with several other users in the same group. Every morning I see my syslog spitting out the following:

11-18-2010 07:11:35 Local4.Notice xxx.xxxxx.xxx Nov 18 2010 13:11:35: %ASA-5-713201: Group = groupname, IP = xx.xx.xx.xx, Duplicate Phase 1 packet detected.  Retransmitting last packet.
11-18-2010 07:11:27 Local4.Notice xxx.xxxxx.xxx Nov 18 2010 13:11:27: %ASA-5-713201: Group = groupname, IP = xx.xx.xx.xx, Duplicate Phase 1 packet detected.  Retransmitting last packet.
11-18-2010 07:11:07 Local4.Warning xxx.xxxxx.xxx Nov 18 2010 13:11:07: %ASA-4-713903: Group = groupname, IP = xx.xx.xx.xx, Error: Unable to remove PeerTblEntry
11-18-2010 07:11:07 Local4.Error xxx.xxxxx.xxx Nov 18 2010 13:11:07: %ASA-3-713902: Group = groupname, IP = xx.xx.xx.xx, Removing peer from peer table failed, no match!

The difference with this user is that I believe they are shutting off their cable modem or the vpn 3005 client at night while closed, as they can connect just fine in the morning. I'm curious as to why the ASA isn't dropping the user completely and am hoping someone can let me know what to do so that I can clean it up and keep my syslog from constantly getting messages in regard to this until there is an actual issue. BTW, my asa is on code: 8.2(1)

Thanks

Raun

1 REPLY
Cisco Employee

Re: Removing peer from peer table failed, no match - Disconnect

Since this is EzVPN from a 3005 client to the ASA, the ASA can never be the initiator; hence it is the 3005 side that is the initiator of the first packet. The ASA replies to it, but the reply never reaches the client:

11-18-2010 07:11:35 Local4.Notice xxx.xxxxx.xxx Nov 18 2010 13:11:35: %ASA-5-713201: Group = groupname, IP = xx.xx.xx.xx, Duplicate Phase 1 packet detected.  Retransmitting last packet.
11-18-2010 07:11:27 Local4.Notice xxx.xxxxx.xxx Nov 18 2010 13:11:27: %ASA-5-713201: Group = groupname, IP = xx.xx.xx.xx, Duplicate Phase 1 packet detected.  Retransmitting last packet.

The above logs say that the ASA received a Phase 1 ISAKMP negotiation packet and the ASA replied (hence the duplicate packet, since the ASA already replied to that first negotiation packet).

If they are shutting down the cable modem at night, then they are shutting down their path to the internet; in that case you should not be receiving any packets from this client after office hours. My guess is that this is some weird problem with the cable modem after so many hours of being up, and they are actually reloading the modem in the morning to bring the connectivity up. Well, this is just an assumption.

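Added example, not part of the original thread and not Cisco code: a triage script that collapses the 713902/713903 and 713201 lines discussed above into one episode per peer, so a recurring morning reconnect shows up as a single entry per day rather than a burst of separate lines. The sample lines, host name, IP addresses and the 60-second grouping window are constructed assumptions, and the timestamp used is the collector's (the first field of each line).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout of the syslog lines quoted in the thread (collector timestamp first).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) \S+ \S+ .*?"
    r"%ASA-\d-(?P<msg_id>\d{6}): Group = (?P<group>[^,]+), IP = (?P<ip>[^,]+),"
)
REMOVE_FAILED = {"713902", "713903"}  # peer table removal failed
RETRANSMIT = "713201"                 # duplicate Phase 1 packet

# Constructed sample (newest first, as in the thread); host and IPs are placeholders.
SAMPLE = """\
11-19-2010 07:10:02 Local4.Error asa.example.net Nov 19 2010 13:10:02: %ASA-3-713902: Group = groupname, IP = 192.0.2.10, Removing peer from peer table failed, no match!
11-18-2010 09:30:00 Local4.Notice asa.example.net Nov 18 2010 15:30:00: %ASA-5-713201: Group = groupname, IP = 198.51.100.7, Duplicate Phase 1 packet detected.  Retransmitting last packet.
11-18-2010 07:11:35 Local4.Notice asa.example.net Nov 18 2010 13:11:35: %ASA-5-713201: Group = groupname, IP = 192.0.2.10, Duplicate Phase 1 packet detected.  Retransmitting last packet.
11-18-2010 07:11:27 Local4.Notice asa.example.net Nov 18 2010 13:11:27: %ASA-5-713201: Group = groupname, IP = 192.0.2.10, Duplicate Phase 1 packet detected.  Retransmitting last packet.
11-18-2010 07:11:07 Local4.Warning asa.example.net Nov 18 2010 13:11:07: %ASA-4-713903: Group = groupname, IP = 192.0.2.10, Error: Unable to remove PeerTblEntry
11-18-2010 07:11:07 Local4.Error asa.example.net Nov 18 2010 13:11:07: %ASA-3-713902: Group = groupname, IP = 192.0.2.10, Removing peer from peer table failed, no match!
""".splitlines()

def reconnect_episodes(lines, window=timedelta(seconds=60)):
    """Collapse each peer's burst of 713902/713903 + 713201 lines into one episode."""
    by_peer = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m-%d-%Y %H:%M:%S")
            by_peer[(m["group"], m["ip"])].append((ts, m["msg_id"]))
    episodes = []
    for peer, events in by_peer.items():
        current = None
        for ts, msg_id in sorted(events):
            if current and ts - current["last"] > window:
                current = None  # gap too long: the previous episode is over
            if msg_id in REMOVE_FAILED:
                if current is None:
                    current = {"peer": peer, "start": ts, "last": ts, "retransmits": 0}
                    episodes.append(current)
                current["last"] = ts
            elif msg_id == RETRANSMIT and current:
                current["retransmits"] += 1
                current["last"] = ts
    return sorted(episodes, key=lambda e: e["start"])

if __name__ == "__main__":
    for ep in reconnect_episodes(SAMPLE):
        print(ep["start"], ep["peer"], "retransmits:", ep["retransmits"])
```

Retransmits from a peer with no preceding removal failure (198.51.100.7 in the sample) are left out of the episodes, so they stay visible as individual lines for separate review.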