Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
0
Helpful
1
Replies

ASA 5525-X: IPSec VPN NOT Established, Stuck at MM_WAIT_MSG2 or MM_WAIT_MSG3

Shawn Shi
Level 1
Level 1

‎10-16-2016 06:39 PM

Hello,

I'm meeting an IPSec VPN issue that IPSec VPN with IKEv1 could not be established with the peers in several IOS versions of my ASA 5525-X.

Here are the details of my situation:

  Device: ASA 5525-X

  IOS: 9.2.4, IPSec VPNs work fine in this IOS version.

          9.4.2, IPSec VPNs have been working fine in this IOS version for the past 8 months, but in last week all VPNs could not be established with the peers and they were all stuck at MM_WAIT_MSG2 of initiator or MM_WAIT_MSG3 of responder. No matter I clear the SAs of restart the ASA, it didn't work. Then I downgraded the IOS version to 9.2.4 and all VPNs are working fine now.

          9.6.2, according to the situations above, I upgraded the IOS to 9.6.2 in last week and in the first 10 hours after the upgrade, the VPNs worked fine, but next all happened to be like the situation in IOS version 9.4.2.

All VPN parameters are configured well and exactly right. Network to the peers side is working fine.

The reason why I upgraded ASA IOS to 9.4.2 is that I need the PBR feature in it.

Could anyone please HELP on this? Thanks!

Labels:
Preview file
46 KB
0 Helpful
1 Reply 1

Shawn Shi
Level 1
Level 1

‎10-27-2016 02:40 AM

Would it be that IPSec VPN license in my ASA 5525-X expired?

0 Helpful
Customers Also Viewed These Support Documents