Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
0
Helpful
1
Replies

VPN ipssec Remote ID ASA 5515

Ruri
Level 1
Level 1

‎03-29-2019 05:07 PM

Hi All

We have a working ASA with some VPNs IPSec up & running, now we configured a new one but it doesn't  reach phase 2, this is the debug message:

 

IKE MM Initiator FSM error history (struct &0x00007f6e86ee17c0) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRY

 

Our client says that we need to add their remote ID to the ISAKMP configuration. We can't find where. Can you please help.

 

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎03-29-2019 05:16 PM - edited ‎03-29-2019 05:18 PM

MM_WAIT_MSG2

 

- This issue may be with Phase1 policies on the remote end.

- UDP 500 is not reaching the remote end or the remote end is sending the UDP 500 packet back and is not reaching the local ASA

 

Also can you post both the side config and tell us, what is other side device ?

 

post output :

 

#show run (both the sides)

#show crypto isakmp sa

# enable debug and post full debug (not the trim one)

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card