Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

rv320 site to site VPN with ASA5510 failing

I have been banging my head against the wall all day trying to get a site to site tunnel to work from a remote rv320 to an ASA 5510 at the main office. The tunnel will not come up no matter which options I try. Has anyone else gotten a rv320 to establish a site to site ipsec tunnel with an ASA? If so, can you please share the config or at least which options you chose?

When debugging on the ASA it appears to complete PHASE 1 but then gets an error (Received non-routine Notify message: Invalid ID info) before killing off the tunnel. Any ideas? I am at a loss right now. The preshared key has been retyped dozens of times and I have confirmed the network ranges are correct on both sides.

More info:

ASA is running 9.1(4)

RV320 is running v1.1.1.06

The debug is as follows:


Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 100
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, processing SA payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, Oakley proposal is acceptable
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, processing VID payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, Received DPD VID
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, processing IKE SA payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, IKE SA Proposal # 1, Transform # 0 acceptable  Matches global IKE entry # 2
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing ISAKMP SA payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing Fragmentation VID + extended capabilities payload
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 104
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 180
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, processing ke payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, processing ISA_KE payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, processing nonce payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing ke payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing nonce payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing Cisco Unity VID payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing xauth V6 VID payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, Send IOS VID
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, constructing VID payload
Aug 01 14:25:36 [IKEv1 DEBUG]IP = 173.xxx.xxx.xxx, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, Connection landed on tunnel_group 173.xxx.xxx.xxx
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Generating keys for Responder...
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 256
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 64
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, processing ID payload
Aug 01 14:25:36 [IKEv1 DECODE]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, ID_IPV4_ADDR ID received
173.xxx.xxx.xxx
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, processing hash payload
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Computing hash for ISAKMP
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, Connection landed on tunnel_group 173.xxx.xxx.xxx
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing ID payload
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing hash payload
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Computing hash for ISAKMP
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing dpd vid payload
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 105
Aug 01 14:25:36 [IKEv1]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, PHASE 1 COMPLETED
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, Keep-alive type for this connection: DPD
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Starting P1 rekey timer: 5400 seconds.
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, sending notify message
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing blank hash payload
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing qm hash payload
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=475a7267) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 88
Aug 01 14:25:36 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE RECEIVED Message (msgid=98ef5834) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 64
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, processing hash payload
Aug 01 14:25:36 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, processing notify payload
Aug 01 14:25:36 [IKEv1]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Received non-routine Notify message: Invalid ID info (18)
Aug 01 14:25:51 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Sending keep-alive of type DPD R-U-THERE (seq number 0x4c4cf221)
Aug 01 14:25:51 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing blank hash payload
Aug 01 14:25:51 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing qm hash payload
Aug 01 14:25:51 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=ed87a90d) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Aug 01 14:25:53 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Sending keep-alive of type DPD R-U-THERE (seq number 0x4c4cf222)
Aug 01 14:25:53 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing blank hash payload
Aug 01 14:25:53 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing qm hash payload
Aug 01 14:25:53 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=f982d145) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Aug 01 14:25:55 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Sending keep-alive of type DPD R-U-THERE (seq number 0x4c4cf223)
Aug 01 14:25:55 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing blank hash payload
Aug 01 14:25:55 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing qm hash payload
Aug 01 14:25:55 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=d7954333) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Aug 01 14:25:57 [IKEv1]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
Aug 01 14:25:57 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, IKE SA MM:8f621e72 rcv'd Terminate: state MM_ACTIVE  flags 0x00000042, refcnt 1, tuncnt 0
Aug 01 14:25:57 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, IKE SA MM:8f621e72 terminating:  flags 0x01000002, refcnt 0, tuncnt 0
Aug 01 14:25:57 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, sending delete/delete with reason message
Aug 01 14:25:57 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing blank hash payload
Aug 01 14:25:57 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing IKE delete payload
Aug 01 14:25:57 [IKEv1 DEBUG]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, constructing qm hash payload
Aug 01 14:25:57 [IKEv1]IP = 173.xxx.xxx.xxx, IKE_DECODE SENDING Message (msgid=6f9cc0e2) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Aug 01 14:25:57 [IKEv1]Group = 173.xxx.xxx.xxx, IP = 173.xxx.xxx.xxx, Session is being torn down. Reason: Lost Service

 

Everyone's tags (1)
22
Views
0
Helpful
0
Replies