Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to site vpn with cisco ASA and Microsoft Azure

Hi,

We're trying to establish vpn with azure's nvgre gateway but vpn is not established. Here is the log files any comments?

Regards.


Firewall# IKEv2-PROTO-1: (4):
IKEv2-PROTO-1: Invalid responder's spiIKEv2-PROTO-1: (4): Detected an invalid value in the packet
IKEv2-PROTO-1: (4):
IKEv2-PROTO-1: (4): A supplied parameter is incorrect
IKEv2-PROTO-1: (4):
IKEv2-PROTO-1: (4): Initial exchange failed
IKEv2-PROTO-1: (4): Initial exchange failed
IKEv2-PLAT-1: Failed to remove peer correlation entry from cikePeerCorrTable.  Local Type = 0.  Local Address = 0.0.0.0.  Remote Type = 0.  Remote Address = 0.0.0.0.  Correlation Peer Index = 0. IPSEC Tunnel Index = 0.
IKEv2-PROTO-1: (5):
IKEv2-PROTO-1: Invalid responder's spiIKEv2-PROTO-1: (5): Detected an invalid value in the packet
IKEv2-PROTO-1: (5):
IKEv2-PROTO-1: (5): A supplied parameter is incorrect
IKEv2-PROTO-1: (5):
IKEv2-PROTO-1: (5): Initial exchange failed
IKEv2-PROTO-1: (5): Initial exchange failed
IKEv2-PLAT-1: Failed to remove peer correlation entry from cikePeerCorrTable.  Local Type = 0.  Local Address = 0.0.0.0.  Remote Type = 0.  Remote Address = 0.0.0.0.  Correlation Peer Index = 0. IPSEC Tunnel Index = 0.
IKEv2-PROTO-1: (6):
IKEv2-PROTO-1: Invalid responder's spiIKEv2-PROTO-1: (6): Detected an invalid value in the packet
IKEv2-PROTO-1: (6):
IKEv2-PROTO-1: (6): A supplied parameter is incorrect
IKEv2-PROTO-1: (6):
IKEv2-PROTO-1: (6): Initial exchange failed
IKEv2-PROTO-1: (6): Initial exchange failed
IKEv2-PLAT-1: Failed to remove peer correlation entry from cikePeerCorrTable.  Local Type = 0.  Local Address = 0.0.0.0.  Remote Type = 0.  Remote Address = 0.0.0.0.  Correlation Peer Index = 0. IPSEC Tunnel Index = 0.


Firewall#

Firewall# IKEv2-PROTO-1: (7):
IKEv2-PROTO-1: Invalid responder's spiIKEv2-PROTO-1: (7): Detected an invalid value in the packet
IKEv2-PROTO-1: (7):
IKEv2-PROTO-1: (7): A supplied parameter is incorrect
IKEv2-PROTO-1: (7):
IKEv2-PROTO-1: (7): Initial exchange failed
IKEv2-PROTO-1: (7): Initial exchange failed
IKEv2-PLAT-1: Failed to remove peer correlation entry from cikePeerCorrTable.  Local Type = 0.  Local Address = 0.0.0.0.  Remote Type = 0.  Remote Address = 0.0.0.0.  Correlation Peer Index = 0. IPSEC Tunnel Index = 0.

Everyone's tags (1)
1 REPLY
New Member

Pls note that if  on the

Pls note that if  on the Microsoft Azure side you are using dynamic routing then it will only try to establish the tunnel with the ASA using ikev2 only, it seems to be the case as per the above log/debug

If you are using Ikev1 on the ASA then you must use Static routing on the Azure side to bring the tunnel up with ikev1 without issues

If you definitely need to use dynamic routing for the site to site tunnel, then using ikev2 is the option.

I hope this helps!

579
Views
0
Helpful
1
Replies
CreatePlease login to create content