10-24-2002 09:07 AM - edited 03-09-2019 12:48 AM
Are there any debug explanations like there are for the syslog of a PIX?
I'm seeing this on my 3030. Any suggestions of what it might be? This user can get in normally. She is on a connection she doesn't normally use.
51575 10/24/2002 11:57:25.440 SEV=7 AUTH/12 RPT=3207
Authentication session opened: handle = 134
51576 10/24/2002 11:57:25.540 SEV=6 AUTH/41 RPT=2458 xxx.xxx.xxx.34
Authentication successful: handle = 134, server = Internal, group = test
51577 10/24/2002 11:57:25.540 SEV=7 AUTH/13 RPT=3207
Authentication session closed: handle = 134
51578 10/24/2002 11:57:30.480 SEV=4 IKE/0 RPT=102 xxx.xxx.xxx.34
Duplicate first packet detected!
51579 10/24/2002 11:57:35.490 SEV=4 IKE/0 RPT=103 xxx.xxx.xxx.34
Duplicate first packet detected!
51580 10/24/2002 11:57:40.490 SEV=4 IKE/0 RPT=104 xxx.xxx.xxx.34
Duplicate first packet detected!
51581 10/24/2002 11:57:57.570 SEV=4 IKEDBG/65 RPT=164 xxx.xxx.xxx.34
Group [test]
IKE AM Responder FSM error history (struct &0xc37d0ac)
<state>, <event>:
AM_DONE, EV_ERROR
AM_WAIT_MSG3, EV_TIMEOUT
AM_WAIT_MSG3, NullEvent
AM_SND_MSG2, EV_CRYPTO_ACTIVE
10-24-2002 12:23 PM
Tom, this means the IKE negotiation was not successful.
This is the exchange for a successful tunnel establishment:
1) The client initiates the tunnel... sends IKE message 1 (MSG1) to the VPN 3000.
2) The VPN 3000 sends IKE_MSG2 to the client requesting XAUTH info (group/password).
3) The client responds with this XAUTH request... and so on... followed by the MODE_Config exchange...
So what's happening is that the client never received MSG2 and keeps retransmitting MSG1. The 3000 then complains that a duplicate MSG1 packet was received instead of the expected MSG3.
Usually this occurs when there are routing and also timing out issues in the network.
Nelson
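The pattern described in the reply above (one peer repeating "Duplicate first packet detected!" and the responder then timing out in AM_WAIT_MSG3) can be picked out of a VPN 3000 event log with a small parser. This is an added example, not part of the original thread or of Cisco's tooling; the function names, the two-duplicate threshold and the sample addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the event-log layout from the question; the peer
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
51578 10/24/2002 11:57:30.480 SEV=4 IKE/0 RPT=102 192.0.2.34
Duplicate first packet detected!
51579 10/24/2002 11:57:35.490 SEV=4 IKE/0 RPT=103 192.0.2.34
Duplicate first packet detected!
51580 10/24/2002 11:57:36.100 SEV=4 IKE/0 RPT=104 198.51.100.7
Duplicate first packet detected!
51581 10/24/2002 11:57:57.570 SEV=4 IKEDBG/65 RPT=164 192.0.2.34
Group [test]
IKE AM Responder FSM error history (struct &0xc37d0ac)
<state>, <event>:
AM_DONE, EV_ERROR
AM_WAIT_MSG3, EV_TIMEOUT
"""

HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\S+) (?P<time>\S+) SEV=(?P<sev>\d+) "
    r"(?P<cls>[A-Z]+)/(?P<num>\d+) RPT=(?P<rpt>\d+)(?: (?P<peer>\S+))?$")

def parse_events(text):
    """Group each header line with the message lines that follow it."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append({**m.groupdict(), "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def stalled_handshakes(events, min_dups=2):
    """Map peer -> duplicate-MSG1 count for peers that then hit a MSG3 timeout."""
    dups, stalled = defaultdict(int), {}
    for ev in events:
        body = " ".join(ev["body"])
        if ev["cls"] == "IKE" and "Duplicate first packet detected!" in body:
            dups[ev["peer"]] += 1
        elif ev["cls"] == "IKEDBG" and "AM_WAIT_MSG3, EV_TIMEOUT" in body:
            if dups[ev["peer"]] >= min_dups:
                stalled[ev["peer"]] = dups[ev["peer"]]
            dups[ev["peer"]] = 0  # start counting afresh for the next attempt
    return stalled

if __name__ == "__main__":
    print(stalled_handshakes(parse_events(SAMPLE)))
```

A peer that shows up here is one whose MSG1 reached the concentrator but whose client never saw MSG2, which points at the return path rather than at credentials.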
10-25-2002 06:26 AM
Thanks for the help. The users already left the hotel. At least I know what to try now. Is there an explanation of syslog messages like there is for the PIX? (ie. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm)
It would be helpful. I use PrivateI to bring all my syslogs and SNMP traps to one place, I can report off of them and have it alert me of specific events. Very nice. http://www.network-intelligence.com
Tom
10-25-2002 10:34 AM
Tom, what is your email address?
I just talked to the person who's in the process of putting this together to be published on CCO; he hopes towards the end of the year.
Right now we have a zip file of all VPN 3000 events and some explanation (it's not the complete product, it's a work in progress), but it could help you in your application.
I can email you the zip file or post it on CCO. I need your email, however.
If you don't feel comfortable posting your email here, you can email me directly (nerodrig@cisco.com).
Thanks.
Nelson