VPN error %ASA-7-715042 - IKE received response of type to a request from the IP address utility

Hello,

I'm having an issue where clients seem to randomly not be assigned an IP address for their session. We're using an ACS to authenticate sessions to a back end RSA server and here's what I've found thus far:

RSA - Shows a passcode accepted message for the user

ACS - Shows a successful login for the user

ASA logs - Show a successful login for the user except for when the session requests the IP address

Config parameters

ACS - Auths and provides the IP

ASA - Address Assignment Policy is set to "use authentication server"

VPN logs (important excerpts below)

Aug 10 2012 09:22:17: %ASA-7-734003: DAP: User ****, Addr x.x.x.x : Session Attribute aaa.cisco.ipaddress = x.x.x.x
Aug 10 2012 09:22:17: %ASA-7-715053: Group = ****, Username = ****, IP = x.x.x.x, MODE_CFG: Received request for IPV4 address!
Aug 10 2012 09:22:17: %ASA-7-715042: Group = **** , Username = ****, IP = x.x.x.x, IKE received response of type [] to a request from the IP address utility
Aug 10 2012 09:22:17: %ASA-3-713132: Group = **** , Username = ****, IP = x.x.x.x , Cannot obtain an IP address for remote peer
Aug 10 2012 09:22:17: %ASA-7-715065: Group = ****, Username = ****, IP = x.x.x.x, IKE TM V6 FSM error history (struct &0x7666e750)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
Aug 10 2012 09:22:17: %ASA-7-715065: Group = ****, Username = ****, IP = x.x.x.x , IKE AM Responder FSM error history (struct &0x76e389f0)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
Aug 10 2012 09:22:17: %ASA-7-713906: Group = **** , Username = ****, IP = x.x.x.x, IKE SA AM:747faf8a terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
Aug 10 2012 09:22:17: %ASA-7-713906: Group = **** , Username = ****, IP = x.x.x.x   , sending delete/delete with reason message

I haven't been able to consistently re-create this scenario but it has happened to me at random times. User experience is that they can try to connect anywhere between 2-10 attempts before getting in, and the logs always show that a valid IP was received from the ACS server.

Any help and/or recommendations would be appreciated.
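
A way to check the pattern described in the post above across a full log, as an added example that is not part of the original post or any Cisco tooling: it counts Mode Config address requests (715053) and "Cannot obtain an IP address" failures (713132) per user and peer, and marks the failures where DAP (734003) had already logged an AAA-supplied address. The sample lines, user names, group name and addresses are constructed, and the message layouts are assumed to match the excerpts above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpts above (users, group, addresses are made up).
SAMPLE_LOG = """\
Aug 10 2012 09:22:17: %ASA-7-734003: DAP: User alice, Addr 198.51.100.7 : Session Attribute aaa.cisco.ipaddress = 10.20.0.15
Aug 10 2012 09:22:17: %ASA-7-715053: Group = RA-VPN, Username = alice, IP = 198.51.100.7, MODE_CFG: Received request for IPV4 address!
Aug 10 2012 09:22:17: %ASA-3-713132: Group = RA-VPN , Username = alice, IP = 198.51.100.7 , Cannot obtain an IP address for remote peer
Aug 10 2012 09:25:40: %ASA-7-734003: DAP: User alice, Addr 198.51.100.7 : Session Attribute aaa.cisco.ipaddress = 10.20.0.15
Aug 10 2012 09:25:40: %ASA-7-715053: Group = RA-VPN, Username = alice, IP = 198.51.100.7, MODE_CFG: Received request for IPV4 address!
Aug 10 2012 09:31:02: %ASA-7-715053: Group = RA-VPN, Username = bob, IP = 203.0.113.9, MODE_CFG: Received request for IPV4 address!
Aug 10 2012 09:31:02: %ASA-3-713132: Group = RA-VPN, Username = bob, IP = 203.0.113.9, Cannot obtain an IP address for remote peer
"""
HEAD = re.compile(r"^(?P<ts>\w{3} +\d+ \d{4} [\d:]{8}): %ASA-\d-(?P<id>\d{6}): (?P<msg>.*)$")
DAP_IP = re.compile(r"DAP: User (?P<user>\S+), Addr (?P<peer>\S+) *: "
                    r"Session Attribute aaa\.cisco\.ipaddress = (?P<addr>\S+)")
IKE = re.compile(r"Username = (?P<user>[^,]+?) *, IP = (?P<peer>[^, ]+)")

def summarize(text):
    """Per (user, peer): address requests, 713132 failures, failures despite an AAA address."""
    aaa_addr = {}   # (user, peer) -> address from the latest 734003 aaa.cisco.ipaddress line
    pending = {}    # (user, peer) -> AAA address tied to the address request in progress
    stats = defaultdict(lambda: {"requests": 0, "failures": 0, "failed_with_aaa_addr": []})
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        msg_id, msg = head["id"], head["msg"]
        if msg_id == "734003":
            m = DAP_IP.search(msg)
            if m:
                aaa_addr[(m["user"], m["peer"])] = m["addr"]
            continue
        m = IKE.search(msg)
        if not m:
            continue
        key = (m["user"], m["peer"])
        if msg_id == "715053":      # MODE_CFG: client asked for an IPv4 address
            stats[key]["requests"] += 1
            pending[key] = aaa_addr.pop(key, None)
        elif msg_id == "713132":    # Cannot obtain an IP address for remote peer
            stats[key]["failures"] += 1
            addr = pending.pop(key, None)
            if addr:                # AAA had supplied an address, yet assignment failed
                stats[key]["failed_with_aaa_addr"].append((head["ts"], addr))
    return dict(stats)

if __name__ == "__main__":
    for (user, peer), s in summarize(SAMPLE_LOG).items():
        print(user, peer, s)
```

A non-empty `failed_with_aaa_addr` list matches the symptom in the post (address present in the DAP record, assignment still fails), while a failure without one points at the address never arriving from AAA.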

1 REPLY
VPN error %ASA-7-715042 - IKE received response of type to a req

Update to this item. I added a local IP pool and changed the address assignment policy to pull from the local server, then added the pool to the IPsec and AnyConnect profiles. Then changed the ACS config to not assign an address.

Not getting as many errors like this; however, they're still happening.
