
ASA L2TP/IPSec issue with windows client

razzaque003
Level 1

Configuration on the ASA 5506 and the Windows 10 client is pretty standard, but the debug shows that the session drops after completing phase 2.

 

What could be the issue? I have tried all the registry fixes suggested in other discussions, but they didn't help. Below is the debug output.

 

Feb 26 15:41:39 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, PHASE 2 COMPLETED (msgid=00000001)

 

Feb 26 15:42:14 [IKEv1]IP = <client ip>, IKE_DECODE RECEIVED Message (msgid=d2c7e844) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, processing hash payload
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, processing delete
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Connection terminated for peer . Reason: Peer Terminate Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, Active unit receives a delete event for remote peer <client ip>.

Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 389120
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Remove from IKEv1 MIB Table succeeded for SA with logical ID 389120
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, IKE Deleting SA: Remote Proxy <client ip>, Local Proxy <ASA IP>
Feb 26 15:42:14 [IKEv1]MSG_FSM_QM lookup failed (handle 1)!
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, IKE SA MM:83dac607 terminating: flags 0x01000802, refcnt 0, tuncnt 0
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Session is being torn down. Reason: User Requested
Feb 26 15:42:14 [IKEv1]Ignoring msg to mark SA with dsID 389120 dead because SA deleted
Feb 26 15:42:14 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xdcaca6e5
Feb 26 15:42:14 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xdcaca6e5

 

Please note that there is no manual request from user to terminate the session. 
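Added example (not part of the original post and not Cisco code): a small Python triage of the debug output above that reports which side sent the IKE DELETE and how long after PHASE 2 COMPLETED it arrived. The function name `triage`, the regexes and the placeholder year are assumptions; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Sample input: four lines copied from the debug output in the post above.
SAMPLE = """\
Feb 26 15:41:39 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, PHASE 2 COMPLETED (msgid=00000001)
Feb 26 15:42:14 [IKEv1]IP = <client ip>, IKE_DECODE RECEIVED Message (msgid=d2c7e844) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Connection terminated for peer . Reason: Peer Terminate Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Session is being torn down. Reason: User Requested
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \[IKEv1(?: DEBUG)?\](.*)$")
DECODE = re.compile(r"IKE_DECODE (RECEIVED|SENDING) Message \(msgid=(\w+)\) "
                    r"with payloads : (.*?) total length")
REASON = re.compile(r"Reason: (.+?)(?: Remote Proxy|$)")


def triage(log):
    """Return who sent the first DELETE and the delay since phase 2, or None."""
    phase2 = delete = None
    reasons = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # The debug lines carry no year; 2000 is an assumed placeholder.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        body = m.group(2)
        if "PHASE 2 COMPLETED" in body and delete is None:
            phase2 = ts
        d = DECODE.search(body)
        if d and delete is None:
            payloads = [p.split("(")[0].strip() for p in d.group(3).split("+")]
            if "DELETE" in payloads:
                # RECEIVED: the peer sent the delete. SENDING: the ASA did.
                side = "peer" if d.group(1) == "RECEIVED" else "asa"
                delete = (ts, side, d.group(2))
        r = REASON.search(body)
        if r:
            reasons.append(r.group(1))
    if not (phase2 and delete):
        return None
    return {"deleted_by": delete[1], "msgid": delete[2],
            "seconds_after_phase2": int((delete[0] - phase2).total_seconds()),
            "reasons": reasons}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the lines from this post it reports that the DELETE was received from the client 35 seconds after phase 2 completed.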


razzaque003
Level 1
Windows 10 fails to connect to the VPN. The message given is "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices between you and the remote server is not configured to allow VPN connections." This is Error 809 (NAT-T).
Tried all fixes for this error from the Windows side, but nothing worked.

What happens if you use a different client like the Shrew client? I had problems with an IPSec IKEv1 tunnel the other day and used Shrew and had to set it for a PSK and Xauth, and then I got my tunnel working.

Hi,

I tried using the Shrew client. Can you please send me the settings of this client? I tried, but it gives different errors with different settings.

Sorry about the wait. In my notes I have this:

Shrew VPN Config:

  1. IP
  2. Authentication Mutual PSK + Xauth
    1. Local Identity > FQDN > String is the connection tunnel
    2. Credentials > Pre Shared Key > Add the PSK of the VPN tunnel