Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2436
Views
0
Helpful
4
Replies

ASA L2TP/IPSec issue with windows client

razzaque003
Level 1
Level 1

‎02-26-2019 05:29 AM - edited ‎02-21-2020 08:52 AM

Configuration on ASA 5506 and windows 10 client is pretty standard but the debug shows that the session drops after completing phase 2

 

What could be the issue? I have tried all registry fix as suggested on other discussions but it didn't help. Below is the debug output.

 

Feb 26 15:41:39 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, PHASE 2 COMPLETED (msgid=00000001)

 

Feb 26 15:42:14 [IKEv1]IP = <client ip>, IKE_DECODE RECEIVED Message (msgid=d2c7e844) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, processing hash payload
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, processing delete
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Connection terminated for peer . Reason: Peer Terminate Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, Active unit receives a delete event for remote peer <client ip>.

Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 389120
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Remove from IKEv1 MIB Table succeeded for SA with logical ID 389120
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, IKE Deleting SA: Remote Proxy <client ip>, Local Proxy <ASA IP>
Feb 26 15:42:14 [IKEv1]MSG_FSM_QM lookup failed (handle 1)!
Feb 26 15:42:14 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = <client ip>, IKE SA MM:83dac607 terminating: flags 0x01000802, refcnt 0, tuncnt 0
Feb 26 15:42:14 [IKEv1]Group = DefaultRAGroup, IP = <client ip>, Session is being torn down. Reason: User Requested
Feb 26 15:42:14 [IKEv1]Ignoring msg to mark SA with dsID 389120 dead because SA deleted
Feb 26 15:42:14 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xdcaca6e5
Feb 26 15:42:14 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xdcaca6e5

 

Please note that there is no manual request from user to terminate the session. 

1 person had this problem
0 Helpful
4 Replies 4

razzaque003
Level 1
Level 1

‎02-26-2019 05:36 AM

Windows 10 fails to connect to the VPN. Message given is "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices between you and the remote server is not configured to allow VPN connections. This is Error 809 (NAT-T)
Tried all fixes for this error from windows side but nothing worked.
0 Helpful

LaFerrari
Level 1
Level 1
In response to razzaque003

‎02-26-2019 12:25 PM

What happens if you use a different client like the shrew client? I had problems with an IPSec IKEv1 tunnel the other day and used shew and had to set it for a psk and xauth and then I got my tunnel working. 

0 Helpful

razzaque003
Level 1
Level 1
In response to LaFerrari

‎02-26-2019 10:43 PM

Hi,

I tried using shew client. Can you please send me the settings of this client? I tried but it gives different errors with different settings.

0 Helpful

LaFerrari
Level 1
Level 1
In response to razzaque003

‎02-27-2019 10:54 AM

Sorry about the wait. In my notes I have this:

Shrew VPN Config:

  1. IP
  2. Authentication Mutual PSK + Xauth
    1. Local Identity > FQDN > String is the connection tunnel
    2. Credentials > Pre Shared Key > Add the PSK of the VPN tunnel
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card