VPN not working properly after 12.3 to 15.0(1)M7 migration
Hi guys, hope you are all doing great.
I'm having this issue where I did a router upgrade from an 1841 with version 12.3 to a 2921 router with version 15.0 (with all of the appropriate licensing) and the ezvpn configuration is not working properly.
Clients normally connect with their VPN client to the ASA, going through the internet router. This was working properly, but when the router was changed it seems that it is not finding a way to get the packet to the responder, as we can see here, so it is unable to establish the tunnel:
<165>Aug 31 2013 12:40:55: %ASA-5-713201: Group = x, IP = XX.XX.XX.XX, Duplicate Phase 1 packet detected. Retransmitting last packet.
<166>Aug 31 2013 12:40:55: %ASA-6-713905: Group = x, IP = XX.XX.XX.XX, P1 Retransmit msg dispatched to AM FSM
<165>Aug 31 2013 12:41:00: %ASA-5-713201: Group = x, IP = XX.XX.XX.XX, Duplicate Phase 1 packet detected. Retransmitting last packet.
<166>Aug 31 2013 12:41:00: %ASA-6-713905: Group = x, IP = XX.XX.XX.XX, P1 Retransmit msg dispatched to AM FSM
Aug 31 2013 12:41:13: %ASA-7-715065:Group = x, IP = XX.XX.XX.XX, IKE AM Responder FSM error history (struct &0xcff6f0b8) <state>, <event>: AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG
The weirdest thing is that this only happens with one ISP (from the initiator), the other ones can connect properly.
I'm assuming this is a routing problem, but in the meantime I will be upgrading the new router to a newer 15 release.
I attach the configs; any comments are appreciated.