Hi,

I am having problems with this tunnel. It is configured on a second wan interface that uses SLA monitoring. The idea is that when there is a problem with the primary ISP, the backup connection is enabled and establishes the tunnel. In testing, the sla portion works normally, the backup becomes the primary route, but the tunnel is not established. All config was done using ASDM. Here is the log I got on the local side with public ip of the backup isp connection stripped:

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-713236: IP = 1.1.1.1, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 368

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing SA payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing ke payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing ISA_KE payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing nonce payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing ID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-714011: IP = 1.1.1.1, ID_IPV4_ADDR ID received

1.1.1.1

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing VID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715049: IP = 1.1.1.1, Received Cisco Unity client VID

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing VID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715049: IP = 1.1.1.1, Received xauth V6 VID

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing VID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715049: IP = 1.1.1.1, Received NAT-Traversal ver 02 VID

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing VID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715049: IP = 1.1.1.1, Received NAT-Traversal ver 03 VID

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing VID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715049: IP = 1.1.1.1, Received NAT-Traversal RFC VID

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: IP = 1.1.1.1, processing VID payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715049: IP = 1.1.1.1, Received Fragmentation VID

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715064: IP = 1.1.1.1, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  True

2011-11-04 00:05:37    Local4.Warning    192.168.50.30    Nov 04 2011 00:05:38: %ASA-4-713255: IP = 1.1.1.1, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name '1.1.1.1'.

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715047: Group = DefaultRAGroup, IP = 1.1.1.1, processing IKE SA payload

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-713236: IP = 1.1.1.1, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 96

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-713906: Group = DefaultRAGroup, IP = 1.1.1.1, All SA proposals found unacceptable

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-713906: IP = 1.1.1.1, All IKE SA proposals found unacceptable!

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-715065: Group = DefaultRAGroup, IP = 1.1.1.1, IKE AM Responder FSM error history (struct &0xd937a248)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_BLD_MSG2, EV_PROCESS_SA-->AM_BLD_MSG2, EV_GROUP_LOOKUP-->AM_BLD_MSG2, EV_PROCESS_MSG-->AM_BLD_MSG2, EV_CREATE_TMR-->AM_START, EV_RCV_MSG-->AM_START, EV_START_AM-->AM_START, EV_START_AM

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-713906: Group = DefaultRAGroup, IP = 1.1.1.1, IKE SA AM:97ffd215 terminating:  flags 0x0100c001, refcnt 0, tuncnt 0

2011-11-04 00:05:37    Local4.Debug    192.168.50.30    Nov 04 2011 00:05:38: %ASA-7-713906: Group = DefaultRAGroup, IP = 1.1.1.1, sending delete/delete with reason message

2011-11-04 00:05:37    Local4.Error    192.168.50.30    Nov 04 2011 00:05:38: %ASA-3-713902: Group = DefaultRAGroup, IP = 1.1.1.1, Removing peer from peer table failed, no match!

2011-11-04 00:05:37    Local4.Warning    192.168.50.30    Nov 04 2011 00:05:38: %ASA-4-713903: Group = DefaultRAGroup, IP = 1.1.1.1, Error: Unable to remove PeerTblEntry