11-19-2014
06:14 AM
- last edited on
03-25-2019
05:54 PM
by
ciscomoderator
Are logs like this kind of normal to see?
We have a complex network and I'm seeing logs like this a lot. I had to change the public IP's to bogus numbers.
I just wonder if our current vender that set things up has done everything right.
002-ASA 11-19-2014 05:30:41 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
001-ASA 11-19-2014 05:30:40 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
002-ASA 11-19-2014 05:30:40 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:30:38 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:30:38 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:30:32 %ASA-4-713903: Group = 002.002.002.002, IP = 002.002.002.002, Can't find a valid tunnel group, aborting...!
002-ASA 11-19-2014 05:30:32 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:30:32 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
002-ASA 11-19-2014 05:30:32 %ASA-5-713041: IP = 001.001.001.001, IKE Initiator: New Phase 1, Intf inside, IKE Peer 001.001.001.001 local Proxy Address 192.168.13.32, remote Proxy Address 192.168.52.0, Crypto map (outside_map)
002-ASA 11-19-2014 05:30:22 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:30:22 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:30:14 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:30:14 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:30:14 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
002-ASA 11-19-2014 05:30:06 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:30:06 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:30:06 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:30:04 %ASA-5-713041: IP = 003.003.003.003, IKE Initiator: New Phase 1, Intf inside, IKE Peer 003.003.003.003 local Proxy Address 192.168.52.0, remote Proxy Address 192.168.13.32, Crypto map (outside_map)
001-ASA 11-19-2014 05:30:04 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
001-ASA 11-19-2014 05:30:03 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:58 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:29:58 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:29:58 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:29:56 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:29:56 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:29:50 %ASA-4-713903: Group = 002.002.002.002, IP = 002.002.002.002, Can't find a valid tunnel group, aborting...!
002-ASA 11-19-2014 05:29:50 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
002-ASA 11-19-2014 05:29:50 %ASA-5-713041: IP = 001.001.001.001, IKE Initiator: New Phase 1, Intf inside, IKE Peer 001.001.001.001 local Proxy Address 192.168.13.32, remote Proxy Address 192.168.52.0, Crypto map (outside_map)
002-ASA 11-19-2014 05:29:50 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:44 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:43 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:36 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:29:36 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:29:36 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
002-ASA 11-19-2014 05:29:26 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
002-ASA 11-19-2014 05:29:26 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
001-ASA 11-19-2014 05:29:26 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:29:24 %ASA-5-713041: IP = 003.003.003.003, IKE Initiator: New Phase 1, Intf inside, IKE Peer 003.003.003.003 local Proxy Address 192.168.52.0, remote Proxy Address 192.168.13.32, Crypto map (outside_map)
001-ASA 11-19-2014 05:29:24 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
001-ASA 11-19-2014 05:29:24 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:18 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:29:18 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:29:18 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:29:13 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:29:13 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:29:10 %ASA-4-713903: Group = 002.002.002.002, IP = 002.002.002.002, Can't find a valid tunnel group, aborting...!
002-ASA 11-19-2014 05:29:10 %ASA-5-713041: IP = 001.001.001.001, IKE Initiator: New Phase 1, Intf inside, IKE Peer 001.001.001.001 local Proxy Address 192.168.13.32, remote Proxy Address 192.168.52.0, Crypto map (outside_map)
002-ASA 11-19-2014 05:29:10 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
002-ASA 11-19-2014 05:29:10 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:02 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:29:02 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:28:54 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:28:54 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:28:54 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
002-ASA 11-19-2014 05:28:46 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:28:46 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:28:46 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:28:41 %ASA-5-713041: IP = 003.003.003.003, IKE Initiator: New Phase 1, Intf inside, IKE Peer 003.003.003.003 local Proxy Address 192.168.52.0, remote Proxy Address 192.168.13.32, Crypto map (outside_map)
001-ASA 11-19-2014 05:28:41 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
001-ASA 11-19-2014 05:28:41 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:28:38 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:28:38 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:28:38 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:28:31 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:28:31 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:28:31 %ASA-4-713903: Group = 002.002.002.002, IP = 002.002.002.002, Can't find a valid tunnel group, aborting...!
002-ASA 11-19-2014 05:28:31 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:28:31 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
002-ASA 11-19-2014 05:28:31 %ASA-5-713041: IP = 001.001.001.001, IKE Initiator: New Phase 1, Intf inside, IKE Peer 001.001.001.001 local Proxy Address 192.168.13.32, remote Proxy Address 192.168.52.0, Crypto map (outside_map)
002-ASA 11-19-2014 05:28:23 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:28:23 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:28:14 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:28:14 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:28:14 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
002-ASA 11-19-2014 05:28:06 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:28:06 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:28:06 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:27:59 %ASA-5-713041: IP = 003.003.003.003, IKE Initiator: New Phase 1, Intf inside, IKE Peer 003.003.003.003 local Proxy Address 192.168.52.0, remote Proxy Address 192.168.13.32, Crypto map (outside_map)
001-ASA 11-19-2014 05:27:59 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
001-ASA 11-19-2014 05:27:59 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:27:58 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:27:58 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:27:58 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:27:54 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:27:54 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
001-ASA 11-19-2014 05:27:50 %ASA-4-713903: Group = 002.002.002.002, IP = 002.002.002.002, Can't find a valid tunnel group, aborting...!
002-ASA 11-19-2014 05:27:50 %ASA-5-713041: IP = 001.001.001.001, IKE Initiator: New Phase 1, Intf inside, IKE Peer 001.001.001.001 local Proxy Address 192.168.13.32, remote Proxy Address 192.168.52.0, Crypto map (outside_map)
002-ASA 11-19-2014 05:27:50 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
002-ASA 11-19-2014 05:27:50 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:27:42 %ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:27:42 %ASA-4-752012: IKEv1 was unsuccessful at setting up a tunnel. Map Tag = outside_map. Map Sequence Number = 20.
002-ASA 11-19-2014 05:27:34 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:27:34 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:27:34 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
002-ASA 11-19-2014 05:27:26 %ASA-4-713903: IP = 001.001.001.001, Information Exchange processing failed
002-ASA 11-19-2014 05:27:26 %ASA-5-713904: IP = 001.001.001.001, Received an un-encrypted INVALID_COOKIE notify message, dropping
001-ASA 11-19-2014 05:27:26 %ASA-4-713903: IP = 002.002.002.002, Header invalid, missing SA payload! (next payload = 4)
001-ASA 11-19-2014 05:27:22 %ASA-5-713041: IP = 003.003.003.003, IKE Initiator: New Phase 1, Intf inside, IKE Peer 003.003.003.003 local Proxy Address 192.168.52.0, remote Proxy Address 192.168.13.32, Crypto map (outside_map)
001-ASA 11-19-2014 05:27:22 %ASA-4-752010: IKEv2 Doesn't have a proposal specified
001-ASA 11-19-2014 05:27:22 %ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = outside_map. Map Sequence Number = 20.
Solved! Go to Solution.
11-19-2014 08:50 PM
Hello Jason,
According to this logs, the crypto map with sequence number 20 is havng issues to establish the site to site IPsec, so they indicate phase 1 is not completed yet.
Usually this is an issue with the encryption algorithms defined, and also issues in the middle <ISP>.
This should not affect the performance of your ASA, or routing on your ASA.
You can confirm with --> show crypto isakmp sa
To see if the tunnel can establish phase 1.
If you have another question let me know,
Please don´t forget to rate the helpful Post!
David Castro,
Regards,
11-19-2014 08:50 PM
Hello Jason,
According to this logs, the crypto map with sequence number 20 is havng issues to establish the site to site IPsec, so they indicate phase 1 is not completed yet.
Usually this is an issue with the encryption algorithms defined, and also issues in the middle <ISP>.
This should not affect the performance of your ASA, or routing on your ASA.
You can confirm with --> show crypto isakmp sa
To see if the tunnel can establish phase 1.
If you have another question let me know,
Please don´t forget to rate the helpful Post!
David Castro,
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide