https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799084#M1098879 <P>Ya there was no logs about the tunnel itself, because my FTD works as server and was waiting for connection. Setting up the connection type on my side to "Originate Only" started connecting and finally logs appear.</P> Wed, 22 Mar 2023 08:38:14 GMT edp-adm 2023-03-22T08:38:14Z https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4798342#M1098829 <P>Hello</P><P>I have Firepower 1120 and configured s2s VPN to 3rd party using parameters as below</P><P>IKEv1 Encryption AES-256 Hash SHA Lifetime: 21600</P><P>IPSec Encryption AES-256 Hash SHA&nbsp;<SPAN>Lifetime: 3600</SPAN></P><P>DH14&nbsp;</P><P>&nbsp;With NAT&nbsp;</P><P>nat (local_ip_pool,outsite_interface) source static local_ip_pool local_ip_pool destination static external_ip_pool external_ip_pool no-proxy-arp</P><P>Tunnel is in "Unknown" status</P><P>Is there any way to debug this via FMC/FTD? I tried to setup logging at FMC Devices -&gt; Platform Settings -&gt; Syslog&nbsp; but there is nothing helpful for debugging s2s</P> Tue, 21 Mar 2023 10:25:23 GMT https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4798342#M1098829 edp-adm 2023-03-21T10:25:23Z https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4798709#M1098854 <P>have you tried debugging using FTD CLI?</P> Tue, 21 Mar 2023 16:47:23 GMT https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4798709#M1098854 Herald Sison 2023-03-21T16:47:23Z https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799084#M1098879 <P>Ya there was no logs about the tunnel itself, because my FTD works as server and was waiting for connection. Setting up the connection type on my side to "Originate Only" started connecting and finally logs appear.</P> Wed, 22 Mar 2023 08:38:14 GMT https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799084#M1098879 edp-adm 2023-03-22T08:38:14Z https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799439#M1098895 <P>Ok I'm able to get logs but tunnel still fails, log from device&nbsp;<A href="https://pastebin.com/yGAKcZt3" target="_self">pastebin - logs</A></P> Wed, 22 Mar 2023 15:40:54 GMT https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799439#M1098895 edp-adm 2023-03-22T15:40:54Z https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799494#M1098902 <P>can not open link&nbsp;</P> Wed, 22 Mar 2023 16:34:51 GMT https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799494#M1098902 MHM Cisco World 2023-03-22T16:34:51Z https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799495#M1098903 <OL><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:19Z: %FTD-vpn-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = CSM_outsite_map. Map Sequence Number = 2.</DIV></LI><LI><DIV class="">&lt;164&gt;:2023-03-22T15:10:19Z: %FTD-vpn-4-752010: IKEv2 Doesn't have a proposal specified</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715077: Pitcher: received a key acquire message, spi 0x0</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:19Z: %FTD-vpn-5-713041: IP = X.X.X.X, IKE Initiator: New Phase 1, Intf outsite, IKE Peer X.X.X.X local Proxy Address Y.Y.Y.Y, remote Proxy Address X.X.X.X, Crypto map (CSM_outsite_map)</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing ISAKMP SA payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing NAT-Traversal VID ver 02 payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing NAT-Traversal VID ver 03 payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing NAT-Traversal VID ver RFC payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing Fragmentation VID + extended capabilities payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 172</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 152</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing SA payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, Oakley proposal is acceptable</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing VID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing VID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715049: IP = X.X.X.X, Received NAT-Traversal RFC VID</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing VID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715049: IP = X.X.X.X, Received Fragmentation VID</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715064: IP = X.X.X.X, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing ke payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing nonce payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing Cisco Unity VID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing xauth V6 VID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715048: IP = X.X.X.X, Send IOS VID</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715038: IP = X.X.X.X, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing VID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715048: IP = X.X.X.X, Send Altiga/Cisco VPN3000/Cisco ASA GW VID</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing NAT-Discovery payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, computing NAT Discovery hash</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: IP = X.X.X.X, constructing NAT-Discovery payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, computing NAT Discovery hash</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 432</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 356</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing ke payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing ISA_KE payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing nonce payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing NAT-Discovery payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, computing NAT Discovery hash</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: IP = X.X.X.X, processing NAT-Discovery payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, computing NAT Discovery hash</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, Connection landed on tunnel_group X.X.X.X</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Generating keys for Initiator...</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing ID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715076: Group = X.X.X.X, IP = X.X.X.X, Computing hash for ISAKMP</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing dpd vid payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84</DIV></LI><LI><DIV class="">&lt;166&gt;:2023-03-22T15:10:19Z: %FTD-vpn-6-713172: Group = X.X.X.X, IP = X.X.X.X, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 64</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing ID payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-714011: Group = X.X.X.X, IP = X.X.X.X, ID_IPV4_ADDR ID received</DIV></LI><LI><DIV class="">X.X.X.X</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715076: Group = X.X.X.X, IP = X.X.X.X, Computing hash for ISAKMP</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IP = X.X.X.X, Connection landed on tunnel_group X.X.X.X</DIV></LI><LI><DIV class="">&lt;166&gt;:2023-03-22T15:10:19Z: %FTD-auth-6-113009: AAA retrieved default group policy (.DefaultS2SGroupPolicy) for user = X.X.X.X</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Oakley begin quick mode</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-714002: Group = X.X.X.X, IP = X.X.X.X, IKE Initiator starting QM: msg id = 4bd7018f</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:19Z: %FTD-vpn-5-713119: Group = X.X.X.X, IP = X.X.X.X, PHASE 1 COMPLETED</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713121: IP = X.X.X.X, Keep-alive type for this connection: None</DIV></LI><LI><DIV class="">&lt;163&gt;:2023-03-22T15:10:19Z: %FTD-vpn-3-713122: IP = X.X.X.X, Keep-alives configured on but peer does not support keep-alives (type = None)</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715080: Group = X.X.X.X, IP = X.X.X.X, Starting P1 rekey timer: 16200 seconds.</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Add to IKEv1 Tunnel Table succeeded for SA with logical ID 5033984</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Add to IKEv1 MIB Table succeeded for SA with logical ID 5033984</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715006: Group = X.X.X.X, IP = X.X.X.X, IKE got SPI from key engine: SPI = 0x3693a6b9</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, oakley constructing quick mode</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing IPSec SA payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing IPSec nonce payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing pfs ke payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715001: Group = X.X.X.X, IP = X.X.X.X, constructing proxy ID</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Transmitting Proxy Id:</DIV></LI><LI><DIV class="">Local host: Y.Y.Y.Y Protocol 0 Port 0</DIV></LI><LI><DIV class="">Remote host: X.X.X.X Protocol 0 Port 0</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-714007: Group = X.X.X.X, IP = X.X.X.X, IKE Initiator sending Initial Contact</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-714004: Group = X.X.X.X, IP = X.X.X.X, IKE Initiator sending 1st QM pkt: msg id = 4bd7018f</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=4bd7018f) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 456</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=d4894207) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 64</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:19Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing notify payload</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:19Z: %FTD-vpn-5-713068: Group = X.X.X.X, IP = X.X.X.X, Received non-routine Notify message: Invalid ID info (18)</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:27Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:27Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=d2fb004b) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 64</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:27Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:27Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing notify payload</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:27Z: %FTD-vpn-5-713068: Group = X.X.X.X, IP = X.X.X.X, Received non-routine Notify message: Invalid ID info (18)</DIV></LI><LI><DIV class="">&lt;166&gt;:2023-03-22T15:10:30Z: %FTD-session-6-305011: Built dynamic UDP translation from any:10.215.4.2/123 to outsite:Y.Y.Y.Y/62336</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:35Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:35Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=a88e44ff) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 64</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:35Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:35Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing notify payload</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:35Z: %FTD-vpn-5-713068: Group = X.X.X.X, IP = X.X.X.X, Received non-routine Notify message: Invalid ID info (18)</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:43Z: %FTD-vpn-7-713906: IKE Receiver: Packet received on Y.Y.Y.Y:500 from X.X.X.X:500</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:43Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=8eb4f4b9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 64</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:43Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:43Z: %FTD-vpn-7-715047: Group = X.X.X.X, IP = X.X.X.X, processing notify payload</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:43Z: %FTD-vpn-5-713068: Group = X.X.X.X, IP = X.X.X.X, Received non-routine Notify message: Invalid ID info (18)</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715077: Group = X.X.X.X, IP = X.X.X.X, Pitcher: received key delete msg, spi 0x3693a6b9</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:49Z: %FTD-vpn-5-713050: Group = X.X.X.X, IP = X.X.X.X, Connection terminated for peer X.X.X.X. Reason: Session Error Terminated Remote Proxy X.X.X.X, Local Proxy Y.Y.Y.Y</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, sending delete/delete with reason message</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing IPSec delete payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=25456395) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715009: Group = X.X.X.X, IP = X.X.X.X, IKE Deleting SA: Remote Proxy X.X.X.X, Local Proxy Y.Y.Y.Y</DIV></LI><LI><DIV class="">&lt;163&gt;:2023-03-22T15:10:49Z: %FTD-vpn-3-713902: Group = X.X.X.X, IP = X.X.X.X, Removing peer from correlator table failed, no match!</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, IKE SA MM:4aca0c69 rcv'd Terminate: state MM_ACTIVE flags 0x00000062, refcnt 1, tuncnt 0</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 5033984</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, Remove from IKEv1 MIB Table succeeded for SA with logical ID 5033984</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, IKE SA MM:4aca0c69 terminating: flags 0x01000022, refcnt 0, tuncnt 0</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Group = X.X.X.X, IP = X.X.X.X, sending delete/delete with reason message</DIV></LI><LI><DIV class="">&lt;164&gt;:2023-03-22T15:10:49Z: %FTD-vpn-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = CSM_outsite_map. Map Sequence Number = 2.</DIV></LI><LI><DIV class="">&lt;163&gt;:2023-03-22T15:10:49Z: %FTD-vpn-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= CSM_outsite_map. Map Sequence Number = 2.</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-752002: Tunnel Manager Removed entry. Map Tag = CSM_outsite_map. Map Sequence Number = 2.</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing IKE delete payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715046: Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713236: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=f27b7ff1) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-715077: Pitcher: received key delete msg, spi 0x3693a6b9</DIV></LI><LI><DIV class="">&lt;165&gt;:2023-03-22T15:10:49Z: %FTD-vpn-5-713259: Group = X.X.X.X, IP = X.X.X.X, Session is being torn down. Reason: Unknown</DIV></LI><LI><DIV class="">&lt;164&gt;:2023-03-22T15:10:49Z: %FTD-auth-4-113019: Group = X.X.X.X, Username = X.X.X.X, IP = X.X.X.X, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:30s, Bytes xmt: 0, Bytes rcv: 0, Reason: Unknown</DIV></LI><LI><DIV class="">&lt;167&gt;:2023-03-22T15:10:49Z: %FTD-vpn-7-713906: Ignoring msg to mark SA with dsID 5033984 dead because SA deleted</DIV></LI></OL> Wed, 22 Mar 2023 16:35:57 GMT https://community.cisco.com/t5/network-security/fmc-fdt-site-to-site-vpn/m-p/4799495#M1098903 edp-adm 2023-03-22T16:35:57Z