VPN not working properly after 12.3 to 15.0(1)M7 migration
Hi guys, hope you are all doing great.
I'm having this issue where I did a router upgrade from an 1841 with 12.3 version to a 2921 router with 15.0 version (with all of the appropriate licensing) and the ezvpn configuration is not working properly.
Clients normally connect with their VPN client to the ASA going through the internet router. This was working properly, but when the router was changed it seems that it is not finding a way to get the packet to the responder, as we can see here, so it is unable to establish the tunnel:
<165>Aug 31 2013 12:40:55: %ASA-5-713201: Group = x, IP = XX.XX.XX.XX, Duplicate Phase 1 packet detected. Retransmitting last packet.
<166>Aug 31 2013 12:40:55: %ASA-6-713905: Group = x, IP = XX.XX.XX.XX, P1 Retransmit msg dispatched to AM FSM
<165>Aug 31 2013 12:41:00: %ASA-5-713201: Group = x, IP = XX.XX.XX.XX, Duplicate Phase 1 packet detected. Retransmitting last packet.
<166>Aug 31 2013 12:41:00: %ASA-6-713905: Group = x, IP = XX.XX.XX.XX, P1 Retransmit msg dispatched to AM FSM
Aug 31 2013 12:41:13: %ASA-7-715065:Group = x, IP = XX.XX.XX.XX, IKE AM Responder FSM error history (struct &0xcff6f0b8) <state>, <event>: AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG
The weirdest thing is that this only happens with one ISP (from the initiator), the other ones can connect properly.
I'm assuming this is a routing problem, but in the meantime I will be upgrading the new router to a newer 15 release.
I attach the configs; any comments are appreciated.