07-19-2023 02:35 AM
Solved! Go to Solution.
07-19-2023 05:50 AM
clear crypto ipsec sa inactive <<- do this and then try ping again from side to side
07-19-2023 02:47 AM
seq num: 2 <<- there are two IPSec Seq for same MAP,
check the ACL for both there is conflict
07-19-2023 02:50 AM
seq number 2 is about this i think:
crypto map crypto_map_outside_1 2 match address vpn_azersun
crypto map crypto_map_outside_1 2 set pfs group14
crypto map crypto_map_outside_1 2 set peer 185.230.199.240
crypto map crypto_map_outside_1 2 set ikev2 ipsec-proposal Azersun_VPN
crypto map crypto_map_outside_1 2 set reverse-route
there is no seq number 1 there , this is first ipsec starting from seq number 2
07-19-2023 02:57 AM
show asp table vpn-context detail
share this please
07-19-2023 05:38 AM
here it is
FW1# show asp table vpn-context detail
VPN CTX = 0x0910057C
Peer IP = 10.21.48.0
Pointer = 0xA20B97A0
State = UP
Flags = DECR+ESP+PRESERVE
SA = 0x2B1D5E89
SPI = 0xA7E77DF5
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x090FF7FC
Peer IP = 10.21.48.0
Pointer = 0xA2180C70
State = UP
Flags = ENCR+ESP+PRESERVE
SA = 0x2B1DAE8F
SPI = 0x58BEFA74
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x090FD6E4
Peer IP = 10.10.19.20
Pointer = 0xA31C0150
State = UP
Flags = DECR+ESP+PRESERVE
SA = 0x2B1C7853
SPI = 0xF810C799
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x090FAE04
Peer IP = 10.10.19.20
Pointer = 0xA1844290
State = UP
Flags = ENCR+ESP+PRESERVE
SA = 0x2B1CB591
SPI = 0xFD4653A1
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x090B1A1C
Peer IP = 10.100.4.0
Pointer = 0xA3100380
State = UP
Flags = DECR+ESP
SA = 0x2B092B71
SPI = 0x07527A52
Group = 0
Pkts = 7494
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x090AFB1C
Peer IP = 10.100.4.0
Pointer = 0xA31C6420
State = UP
Flags = ENCR+ESP
SA = 0x2B099D57
SPI = 0xB420FAA2
Group = 0
Pkts = 7068
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x090A4C94
Peer IP = 10.100.212.1
Pointer = 0xA2F8F520
State = UP
Flags = DECR+ESP
SA = 0x2B0615DF
SPI = 0x5D8CDD17
Group = 1
Pkts = 407
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x090A2C74
Peer IP = 10.100.212.1
Pointer = 0xA22CC770
State = UP
Flags = ENCR+ESP
SA = 0x2B06F22D
SPI = 0xC887A5DE
Group = 1
Pkts = 407
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x0909C5A4
Peer IP = 10.100.0.0
Pointer = 0xA2D67CF0
State = UP
Flags = DECR+ESP
SA = 0x2B043483
SPI = 0x79A4F213
Group = 1
Pkts = 25913
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x0909BFC4
Peer IP = 10.100.0.0
Pointer = 0xA30106D0
State = UP
Flags = ENCR+ESP
SA = 0x2B04F601
SPI = 0x7BAFAE72
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x090980CC
Peer IP = 192.168.5.20
Pointer = 0xA30B4200
State = UP
Flags = DECR+ESP
SA = 0x2B035B3D
SPI = 0x0CF9995C
Group = 2
Pkts = 132
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x09096E8C
Peer IP = 192.168.5.20
Pointer = 0xA30F9790
State = UP
Flags = ENCR+ESP
SA = 0x2B039F33
SPI = 0x2ACB4FBB
Group = 1
Pkts = 4954
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x09094DB4
Peer IP = 192.168.0.220
Pointer = 0xA222BAA0
State = UP
Flags = DECR+ESP
SA = 0x2B0270E7
SPI = 0x37E4A9BA
Group = 1
Pkts = 14094
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x09093E14
Peer IP = 192.168.0.220
Pointer = 0xA3055F30
State = UP
Flags = ENCR+ESP
SA = 0x2B02A495
SPI = 0x51E6F07F
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = vpn_azersun_gp
VPN CTX = 0x08F85CD4
Peer IP = 192.168.5.15
Pointer = 0xA302FBB0
State = UP
Flags = DECR+ESP
SA = 0x2AB98677
SPI = 0x83873528
Group = 1
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08F835B4
Peer IP = 192.168.5.15
Pointer = 0xA1DE4780
State = UP
Flags = ENCR+ESP
SA = 0x2ABA6477
SPI = 0x2A8DC3FC
Group = 1
Pkts = 180
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08E5CE24
Peer IP = 172.16.77.17
Pointer = 0xA2F8F830
State = UP
Flags = DECR+ESP
SA = 0x2A68523B
SPI = 0x7A6278EA
Group = 1
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08E5BA44
Peer IP = 172.16.77.17
Pointer = 0xA2C3CF30
State = UP
Flags = ENCR+ESP
SA = 0x2A694EB1
SPI = 0xD53E2EFA
Group = 1
Pkts = 14652
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08E5954C
Peer IP = 10.100.0.0
Pointer = 0xA1E31070
State = UP
Flags = DECR+ESP
SA = 0x2A672435
SPI = 0xE54497C6
Group = 977
Pkts = 46
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08E5650C
Peer IP = 10.100.0.0
Pointer = 0xA31A7260
State = UP
Flags = ENCR+ESP
SA = 0x2A67C0CB
SPI = 0x499B3FBF
Group = 965
Pkts = 1519994
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08CE4814
Peer IP = 192.168.0.220
Pointer = 0xA2138770
State = UP
Flags = DECR+ESP
SA = 0x29E77D35
SPI = 0xEAE96334
Group = 0
Pkts = 7
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08CE25F4
Peer IP = 192.168.0.220
Pointer = 0xA2150D20
State = UP
Flags = ENCR+ESP
SA = 0x29E7A5CB
SPI = 0x64A7188A
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08A616BC
Peer IP = 10.10.19.20
Pointer = 0xA2B85B10
State = UP
Flags = DECR+ESP
SA = 0x2914A861
SPI = 0x5A53133E
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08A5E63C
Peer IP = 10.10.19.20
Pointer = 0xA1E3B8C0
State = UP
Flags = ENCR+ESP
SA = 0x29152119
SPI = 0x210A50D0
Group = 0
Pkts = 0
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08A59D4C
Peer IP = 192.168.0.220
Pointer = 0xA2227AF0
State = UP
Flags = DECR+ESP
SA = 0x2912F0F5
SPI = 0x3F0B95BB
Group = 0
Pkts = 58
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
VPN CTX = 0x08A56D0C
Peer IP = 192.168.0.220
Pointer = 0xA1DE6990
State = UP
Flags = ENCR+ESP
SA = 0x2913201D
SPI = 0x9A08785F
Group = 0
Pkts = 58
Bad Pkts = 0
Bad SPI = 0
Spoof = 0
Bad Crypto = 0
Rekey Pkt = 0
Rekey Call = 0
VPN Filter = <none>
07-19-2023 05:50 AM
clear crypto ipsec sa inactive <<- do this and then try ping again from side to side
07-19-2023 06:02 AM
It solved the issue. Thank you for your valuable support. Could you please share with us, what conditions lead to this result and how we can prevent this problem from happening again.
07-19-2023 06:09 AM
First you are so welcome
Second I will share how I detect issue from info you share.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide