06-17-2010 07:28 AM - edited 02-21-2020 04:42 PM
Hi!
Does anyone have an idea what's wrong in my setup? I'm setting up a VPN from a Windows 7 client to an ASA5505, but it gets disconnected at once.
console :
4|Jun 17 2010|17:26:06|113019|||Group = DefaultRAGroup, Username = , IP = xx.xxx.x.xxx, Session disconnected. Session Type: IPSecOverNatT, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
6|Jun 17 2010|17:26:06|602304|||IPSEC: An outbound remote access SA (SPI= 0x1E17A2C0) between xx.xxx.x.xxx and xx.xxx.x.xxx (user= DefaultRAGroup) has been deleted.
6|Jun 17 2010|17:26:06|602304|||IPSEC: An inbound remote access SA (SPI= 0x38B99AF5) between xx.xxx.x.xxx and xx.xxx.x.xxx (user= DefaultRAGroup) has been deleted.
5|Jun 17 2010|17:26:06|713050|||Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Connection terminated for peer . Reason: Peer Terminate Remote Proxy xx.xxx.x.xxx, Local Proxy xx.xxx.x.xxx
5|Jun 17 2010|17:26:06|713120|||Group = DefaultRAGroup, IP = xx.xxx.x.xxx, PHASE 2 COMPLETED (msgid=00000001)
6|Jun 17 2010|17:26:06|602303|||IPSEC: An inbound remote access SA (SPI= 0x38B99AF5) between xx.xxx.x.xxx and xx.xxx.x.xxx (user= DefaultRAGroup) has been created.
5|Jun 17 2010|17:26:06|713049|||Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Security negotiation complete for User () Responder, Inbound SPI = 0x38b99af5, Outbound SPI = 0x1e17a2c0
6|Jun 17 2010|17:26:06|602303|||IPSEC: An outbound remote access SA (SPI= 0x1E17A2C0) between xx.xxx.x.xxx and xx.xxx.x.xxx (user= DefaultRAGroup) has been created.
3|Jun 17 2010|17:26:06|713122|||IP = xx.xxx.x.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)
3|Jun 17 2010|17:26:06|713119|||Group = DefaultRAGroup, IP = xx.xxx.x.xxx, PHASE 1 COMPLETED
6|Jun 17 2010|17:26:06|113009|||AAA retrieved default group policy (DefaultRAGroup) for user = DefaultRAGroup
4|Jun 17 2010|17:26:06|713903|||Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Freeing previously allocated memory for authorization-dn-attributes
6|Jun 17 2010|17:26:06|713172|||Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
log:
ciscoasa# Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 384
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing SA payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Oakley proposal is acceptable
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Received NAT-Traversal RFC VID
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Received NAT-Traversal ver 02 VID
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Received Fragmentation VID
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing IKE SA payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, IKE SA Proposal # 1, Transform # 5 acceptable Matches global IKE entry # 2
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing ISAKMP SA payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing NAT-Traversal VID ver 02 payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing Fragmentation VID + extended capabilities payload
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 260
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing ke payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing ISA_KE payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing nonce payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing NAT-Discovery payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, computing NAT Discovery hash
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, processing NAT-Discovery payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, computing NAT Discovery hash
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing ke payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing nonce payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing Cisco Unity VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing xauth V6 VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Send IOS VID
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing VID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing NAT-Discovery payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, computing NAT Discovery hash
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, constructing NAT-Discovery payload
Jun 17 17:12:47 [IKEv1 DEBUG]: IP = xx.xxx.x.xxx, computing NAT Discovery hash
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, Connection landed on tunnel_group DefaultRAGroup
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Generating keys for Responder...
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 304
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 64
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing ID payload
Jun 17 17:12:47 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, ID_IPV4_ADDR ID received
xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Computing hash for ISAKMP
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, Connection landed on tunnel_group DefaultRAGroup
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Freeing previously allocated memory for authorization-dn-attributes
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing ID payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Computing hash for ISAKMP
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing dpd vid payload
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, PHASE 1 COMPLETED
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, Keep-alive type for this connection: None
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Starting P1 rekey timer: 21600 seconds.
Jun 17 17:12:47 [IKEv1 DECODE]: IP = xx.xxx.x.xxx, IKE Responder starting QM: msg id = 00000001
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=1) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 312
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing SA payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing nonce payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing ID payload
Jun 17 17:12:47 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, ID_IPV4_ADDR ID received
xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Received remote Proxy Host data in ID Payload: Address xx.xxx.x.xxx, Protocol 17, Port 1701
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing ID payload
Jun 17 17:12:47 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, ID_IPV4_ADDR ID received
xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Received local Proxy Host data in ID Payload: Address xx.xxx.x.xxx, Protocol 17, Port 1701
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, L2TP/IPSec session detected.
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing NAT-Original-Address payload
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, QM IsRekeyed old sa not found by addr
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Static Crypto Map check, checking map = outside_map, seq = 10...
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Static Crypto Map check, map = outside_map, seq = 10, ACL does not match proxy IDs src:xx.xxx.x.xxx dst:xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE Remote Peer configured for crypto map: outside_dyn_map
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing IPSec SA payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IPSec SA Proposal # 2, Transform # 1 acceptable Matches global IPSec SA entry # 5
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE: requesting SPI!
IPSEC: New embryonic SA created @ 0x03EF7090,
SCB: 0x0396EBD0,
Direction: inbound
SPI : 0x224D487B
Session ID: 0x00000009
VPIF num : 0x00000002
Tunnel type: ra
Protocol : esp
Lifetime : 240 seconds
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE got SPI from key engine: SPI = 0x224d487b
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, oakley constucting quick mode
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing blank hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing IPSec SA payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing IPSec nonce payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing proxy ID
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Transmitting Proxy Id:
Remote host: xx.xxx.x.xxx Protocol 17 Port 0
Local host: xx.xxx.x.xxx Protocol 17 Port 1701
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing NAT-Original-Address payload
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, NAT-Traversal sending NAT-Original-Address payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing qm hash payload
Jun 17 17:12:47 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE Responder sending 2nd QM pkt: msg id = 00000001
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE SENDING Message (msgid=1) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 172
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=1) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, loading all IPSEC SAs
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Generating Quick Mode Key!
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Generating Quick Mode Key!
IPSEC: New embryonic SA created @ 0x0175CE20,
SCB: 0x0175CD60,
Direction: outbound
SPI : 0xA5C3B052
Session ID: 0x00000009
VPIF num : 0x00000002
Tunnel type: ra
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xA5C3B052
IPSEC: Creating outbound VPN context, SPI 0xA5C3B052
Flags: 0x00000225
SA : 0x0175CE20
SPI : 0xA5C3B052
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x0175CD60
Channel: 0x0174FC00
IPSEC: Completed outbound VPN context, SPI 0xA5C3B052
VPN handle: 0x0023E0C4
IPSEC: New outbound encrypt rule, SPI 0xA5C3B052
Src addr: xx.xxx.x.xxx
Src mask: 255.255.255.255
Dst addr: xx.xxx.x.xxx
Dst mask: 255.255.255.255
Src ports
Upper: 1701
Lower: 1701
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound encrypt rule, SPI 0xA5C3B052
Rule ID: 0x0396EC60
IPSEC: New outbound permit rule, SPI 0xA5C3B052
Src addr: xx.xxx.x.xxx
Src mask: 255.255.255.255
Dst addr: xx.xxx.x.xxx
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound permit rule, SPI 0xA5C3B052
Rule ID: 0x0175DAA0
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Security negotiation complete for User () Responder, Inbound SPI = 0x224d487b, Outbound SPI = 0xa5c3b052
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE got a KEY_ADD msg for SA: SPI = 0xa5c3b052
IPSEC: Completed host IBSA update, SPI 0x224D487B
IPSEC: Creating inbound VPN context, SPI 0x224D487B
Flags: 0x00000226
SA : 0x03EF7090
SPI : 0x224D487B
MTU : 0 bytes
VCID : 0x00000000
Peer : 0x0023E0C4
SCB : 0x0396EBD0
Channel: 0x0174FC00
IPSEC: Completed inbound VPN context, SPI 0x224D487B
VPN handle: 0x00252C5C
IPSEC: Updating outbound VPN context 0x0023E0C4, SPI 0xA5C3B052
Flags: 0x00000225
SA : 0x0175CE20
SPI : 0xA5C3B052
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00252C5C
SCB : 0x0175CD60
Channel: 0x0174FC00
IPSEC: Completed outbound VPN context, SPI 0xA5C3B052
VPN handle: 0x0023E0C4
IPSEC: Completed outbound inner rule, SPI 0xA5C3B052
Rule ID: 0x0396EC60
IPSEC: Completed outbound outer SPD rule, SPI 0xA5C3B052
Rule ID: 0x0175DAA0
IPSEC: New inbound tunnel flow rule, SPI 0x224D487B
Src addr: xx.xxx.x.xxx
Src mask: 255.255.255.255
Dst addr: xx.xxx.x.xxx
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 1701
Lower: 1701
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound tunnel flow rule, SPI 0x224D487B
Rule ID: 0x0396DF48
IPSEC: New inbound decrypt rule, SPI 0x224D487B
Src addr: xx.xxx.x.xxx
Src mask: 255.255.255.255
Dst addr: xx.xxx.x.xxx
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound decrypt rule, SPI 0x224D487B
Rule ID: 0x01B1C268
IPSEC: New inbound permit rule, SPI 0x224D487B
Src addr: xx.xxx.x.xxx
Src mask: 255.255.255.255
Dst addr: xx.xxx.x.xxx
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound permit rule, SPI 0x224D487B
Rule ID: 0x0175C7F8
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Pitcher: received KEY_UPDATE, spi 0x224d487b
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Starting P2 rekey timer: 3420 seconds.
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, PHASE 2 COMPLETED (msgid=00000001)
Jun 17 17:12:47 [IKEv1]: IKEQM_Active() Add L2TP classification rules: ip <xx.xxx.x.xxx> mask <0xFFFFFFFF> port <4500>
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=e4a0acba) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, processing delete
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Connection terminated for peer . Reason: Peer Terminate Remote Proxy xx.xxx.x.xxx, Local Proxy xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Active unit receives a delete event for remote peer xx.xxx.x.xxx.
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE Deleting SA: Remote Proxy xx.xxx.x.xxx, Local Proxy xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE SA MM:96ad4cb0 rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, IKE SA MM:96ad4cb0 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, sending delete/delete with reason message
IPSEC: Deleted inbound decrypt rule, SPI 0x224D487B
Rule ID: 0x01B1C268
IPSEC: Deleted inbound permit rule, SPI 0x224D487B
Rule ID: 0x0175C7F8
IPSEC: Deleted inbound tunnel flow rule, SPI 0x224D487B
Rule ID: 0x0396DF48
IPSEC: Deleted inbound VPN context, SPI 0x224D487B
VPN handle: 0x00252C5C
IPSEC: Deleted outbound encrypt rule, SPI 0xA5C3B052
Rule ID: 0x0396EC60
IPSEC: Deleted outbound permit rule, SPI 0xA5C3B052
Rule ID: 0x0175DAA0
IPSEC: Deleted outbound VPN context, SPI 0xA5C3B052
VPN handle: 0x0023E0C4
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing blank hash payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing IKE delete payload
Jun 17 17:12:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, constructing qm hash payload
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE SENDING Message (msgid=55be33f9) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Jun 17 17:12:47 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x224d487b
Jun 17 17:12:47 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xa5c3b052
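Added example, not part of the original post and not Cisco tooling: a Python pass over IKEv1 debug output like the above that records which negotiation milestones were reached and which side sent the first DELETE payload. The sample lines are excerpted from the posted output (addresses redacted as in the post); the names `summarize` and `verdict` are this example's own.

```python
import re

# Excerpt of the debug output posted above, addresses redacted as in the post.
SAMPLE = """\
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, PHASE 1 COMPLETED
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, L2TP/IPSec session detected.
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, PHASE 2 COMPLETED (msgid=00000001)
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE RECEIVED Message (msgid=e4a0acba) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Jun 17 17:12:47 [IKEv1]: Group = DefaultRAGroup, IP = xx.xxx.x.xxx, Connection terminated for peer . Reason: Peer Terminate Remote Proxy xx.xxx.x.xxx, Local Proxy xx.xxx.x.xxx
Jun 17 17:12:47 [IKEv1]: IP = xx.xxx.x.xxx, IKE_DECODE SENDING Message (msgid=55be33f9) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
"""

LINE = re.compile(r"\w{3} +\d+ [\d:]+ \[IKEv1(?: \w+)?\]: (?P<body>.*)$")
DECODE = re.compile(r"IKE_DECODE (?P<dir>RECEIVED|SENDING) Message \(msgid=(?P<msgid>[0-9a-f]+)\)"
                    r" with payloads : (?P<payloads>.*?) total length")
REASON = re.compile(r"Connection terminated for peer .*?Reason: (?P<reason>.+?)\s+Remote Proxy")


def summarize(text):
    """Walk IKEv1 debug lines in order and record how far the session got."""
    s = {"phase1": False, "l2tp": False, "phase2": False,
         "first_delete_from": None, "delete_after_phase2": False, "reason": None}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skips IPSEC: rule dumps and wrapped continuation lines
        body = m.group("body")
        if "PHASE 1 COMPLETED" in body:
            s["phase1"] = True
        elif "L2TP/IPSec session detected" in body:
            s["l2tp"] = True
        elif "PHASE 2 COMPLETED" in body:
            s["phase2"] = True
        d = DECODE.search(body)
        if d and s["first_delete_from"] is None:
            # Payload list looks like "HDR + HASH (8) + DELETE (12) + NONE (0)"
            names = [p.split(" (")[0].strip() for p in d.group("payloads").split(" + ")]
            if "DELETE" in names:
                s["first_delete_from"] = "peer" if d.group("dir") == "RECEIVED" else "ASA"
                s["delete_after_phase2"] = s["phase2"]
        r = REASON.search(body)
        if r and s["reason"] is None:
            s["reason"] = r.group("reason")
    return s


def verdict(s):
    """Turn the milestone record into a one-line reading of the session."""
    if not s["phase1"]:
        return "Phase 1 did not complete"
    if not s["phase2"]:
        return "Phase 1 completed, Phase 2 (Quick Mode) did not"
    if s["first_delete_from"] is None:
        return "SAs established, no DELETE seen in this capture"
    return f"SAs established, then {s['first_delete_from']} sent the first DELETE"


if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(result)
    print(verdict(result))
```

On the posted output this reports that both phases completed and the first DELETE was received from the peer, so the lines worth reading closely are the ones after `PHASE 2 COMPLETED` rather than the proposal matching before it.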
07-09-2010 04:26 PM
I too would like to chime in on this issue; I am having the exact same problem. My ASA 5505 came with 8.3(1) and I was unable to establish an L2TP/IPSEC connection with either Windows 7 or Windows XP. I found out that they had supposedly fixed this issue in an interim release of 8.3(1), so I tried it out. It seemed to fix it for Windows XP, but Windows 7 still didn't work. The only way I've been able to get a Windows 7 client to connect via L2TP is to downgrade the IOS back to 8.2(2); then it works fine.
If anyone from Cisco reads this, could you check into why Windows 7 (and possibly Vista) clients are still having issues even with the latest interim version (8.3(1)-6)? Thanks!