12-18-2002 07:33 AM - edited 03-09-2019 01:26 AM
I am working on implementing a VPN solution and am having problems connecting from the outside world. Using client 3.6.x, I get the following reply when I try to connect:
2459 12/18/2002 09:19:40.160 SEV=5 IKEDBG/64 RPT=170 xxx.xxx.xxx.xx
IKE Peer included IKE fragmentation capability flags:
Main Mode: True
Aggressive Mode: False
2461 12/18/2002 09:19:45.180 SEV=4 IKE/0 RPT=103 xxx.xxx.xxx.xx
Duplicate first packet detected!
2462 12/18/2002 09:19:50.190 SEV=4 IKE/0 RPT=104 xxx.xxx.xxx.xx
Duplicate first packet detected!
2463 12/18/2002 09:19:55.190 SEV=4 IKE/0 RPT=105 xxx.xxx.xxx.xx
Duplicate first packet detected!
2464 12/18/2002 09:20:12.380 SEV=4 IKEDBG/65 RPT=136 xxx.xxx.xxx.xx
Group [XXXX]
IKE AM Responder FSM error history (struct &0x5ed0034)
<state>, <event>:
AM_DONE, EV_ERROR_CONT
AM_DONE, EV_ERROR
AM_WAIT_MSG3, EV_TIMEOUT
AM_WAIT_MSG3, NullEvent
I am not sure why this is happening or how to get around this problem. I am using a CISCO 3015 and my software is current.
Any help??? Thanks!
Ray Rockholt
12-18-2002 12:03 PM
Hi Ray,
From the logs, it looks like the IKE packets are not reaching the client, and the client is resending the request again and again.
Where is the user connecting from? If the user is behind a firewall, make sure that the necessary ports and protocols are open, and if the user is behind a PAT device, make sure to use the IPSec Over UDP or TCP option.
Regards,
Arul
12-18-2002 12:27 PM
The clients are connecting through a dial-up connection. No firewall is in the picture.
I have IPSec configured correctly - just can't figure it out???
Thanks for the reply - any other thoughts???
Ray
12-18-2002 04:12 PM
The "Duplicate first packet detected" simply means the reply the concentrator sent back to the client didn't make it, and so the client has timed out and resent the first ISAKMP packet. The concentrator detects this as a duplicate packet and complains.
You have to see why the packet from the concentrator to the client didn't get there. Is there a personal firewall on the PC? Is there a router/firewall on the outside of this concentrator with access-lists applied? If you connect this PC into the outside interface subnet of the concentrator, does the connection work then? Do you have a default route on the concentrator set to the IP address of the outside router?
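The reading of the log given in the replies above can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tool: it groups concentrator events by peer, counts "Duplicate first packet detected" messages, and measures the client's retransmit interval. Pairing the duplicates with an AM_WAIT_MSG3 timeout to flag the reply path is this example's own heuristic, and the function names and the peer address 192.0.2.10 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Event header: sequence, date, time, severity, class/number, repeat count, peer address
HEADER = re.compile(r"^(\d+) (\d\d/\d\d/\d{4} [\d:.]+) SEV=(\d+) ([A-Z]+/\d+) RPT=(\d+) (\S+)$")

def parse_events(text):
    """Group each header line with the message lines that follow it."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%m/%d/%Y %H:%M:%S.%f")
            events.append({"ts": ts, "cls": m.group(4), "peer": m.group(6), "body": []})
        elif line and events:
            events[-1]["body"].append(line)
    return events

def diagnose(events, min_dups=2):
    """Per peer: duplicate count, gaps between duplicates, and a flag that is set
    when repeated first packets coincide with the responder timing out on MSG3."""
    dups, timed_out = defaultdict(list), set()
    for ev in events:
        body = " ".join(ev["body"])
        if "Duplicate first packet detected" in body:
            dups[ev["peer"]].append(ev["ts"])
        if "AM_WAIT_MSG3, EV_TIMEOUT" in body:
            timed_out.add(ev["peer"])
    report = {}
    for peer, stamps in dups.items():
        gaps = [round((b - a).total_seconds(), 2) for a, b in zip(stamps, stamps[1:])]
        report[peer] = {"duplicates": len(stamps), "retransmit_gaps_s": gaps,
                        "reply_path_suspect": len(stamps) >= min_dups and peer in timed_out}
    return report

# Constructed sample: the log from the first post, masked peer replaced by 192.0.2.10
SAMPLE = """\
2461 12/18/2002 09:19:45.180 SEV=4 IKE/0 RPT=103 192.0.2.10
Duplicate first packet detected!
2462 12/18/2002 09:19:50.190 SEV=4 IKE/0 RPT=104 192.0.2.10
Duplicate first packet detected!
2463 12/18/2002 09:19:55.190 SEV=4 IKE/0 RPT=105 192.0.2.10
Duplicate first packet detected!
2464 12/18/2002 09:20:12.380 SEV=4 IKEDBG/65 RPT=136 192.0.2.10
IKE AM Responder FSM error history (struct &0x5ed0034)
AM_DONE, EV_ERROR
AM_WAIT_MSG3, EV_TIMEOUT
"""
print(diagnose(parse_events(SAMPLE)))
```

A steady gap of about five seconds between duplicates matches a client retransmitting on a timer, which is what you expect when the concentrator's replies are lost on the return path.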