Solved: Re: Debug explanations?

t.holden · ‎10-24-2002

Is there any debug explanations like there is for the syslog of a pix/

I'm seeing this on my 3030. Any suggestions of what it might be. This user can get in normally. She is on a connection she doesn't normally use.

51575 10/24/2002 11:57:25.440 SEV=7 AUTH/12 RPT=3207

Authentication session opened: handle = 134

51576 10/24/2002 11:57:25.540 SEV=6 AUTH/41 RPT=2458 xxx.xxx.xxx.34

Authentication successful: handle = 134, server = Internal, group = test

51577 10/24/2002 11:57:25.540 SEV=7 AUTH/13 RPT=3207

Authentication session closed: handle = 134

51578 10/24/2002 11:57:30.480 SEV=4 IKE/0 RPT=102 xxx.xxx.xxx.34

Duplicate first packet detected!

51579 10/24/2002 11:57:35.490 SEV=4 IKE/0 RPT=103 xxx.xxx.xxx.34

Duplicate first packet detected!

51580 10/24/2002 11:57:40.490 SEV=4 IKE/0 RPT=104 xxx.xxx.xxx.34

Duplicate first packet detected!

51581 10/24/2002 11:57:57.570 SEV=4 IKEDBG/65 RPT=164 xxx.xxx.xxx.34

Group [test]

IKE AM Responder FSM error history (struct &0xc37d0ac)

<state>, <event>:

AM_DONE, EV_ERROR

AM_WAIT_MSG3, EV_TIMEOUT

AM_WAIT_MSG3, NullEvent

AM_SND_MSG2, EV_CRYPTO_ACTIVE

Nelson Rodrigues · ‎10-25-2002

Tom, what is your email address.

I just talked to the person who's in the process of putting this together to be published on CCO , he hopes towards the end of the year.

Right now we have zip file of all VPN 3000 events and some explanation (it's not the complete product- it's work in progress) , but could help you in your application.

I can email you the zip file or post it on CCO. I need your email, however.

If you don't feel comfortable posting yor email here , you can email me directly (nerodrig@cisco.com).

Thanks.

Nelson

View solution in original post

Nelson Rodrigues · ‎10-24-2002

Tom, this means the IKE negotiation was not successful .

This is the exchange for a successful tunnel establishement:

1) The client initiates the tunnel...sends IKE message 1 (MSG1) to the VPN 3000.

2) The VPN 3000 sends IKE_MSG2 to client requesting XAUTH info (group/password).

3) The client responds with this XAUTH request....and so on..followed by MODE_Config exchange....

So what's happening is that the client never received MSG2 and keeps retransmiting MSG1. The 3000 then complains that a Duplicate MSG 1 packet was received instead of the expected MSG3.

Usually this occurrs when there are routing and also timing out issues

in the network.

Nelson

t.holden · ‎10-25-2002

Thanks for the help. The users already left the hotel. At least I know what to try now. Is there an explanation of syslog messages like there is for the PIX? (ie. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm)

It would be helpful. I use PrivateI to bring all my syslogs and snmp traps to one place, I can report of of them and have it alert me of specific events. Very nice. http://www.network-intelligence.com

Tom

Nelson Rodrigues · ‎10-25-2002

Tom, what is your email address.

I just talked to the person who's in the process of putting this together to be published on CCO , he hopes towards the end of the year.

Right now we have zip file of all VPN 3000 events and some explanation (it's not the complete product- it's work in progress) , but could help you in your application.

I can email you the zip file or post it on CCO. I need your email, however.

If you don't feel comfortable posting yor email here , you can email me directly (nerodrig@cisco.com).

Thanks.

Nelson