Hi everybody.
I have a problem with ASA 5510 8.0(4) and need your help
This is a remote-access VPN setup and it's functional, no problems here...
But I keep getting logs like this every few seconds:
Group = <censored>, Username = <censored>, IP = <censored>, Reaper overriding refCnt [0] and tunnelCnt [0] -- deleting SA!
Group = <censored>, Username = <censored>, IP = <censored>, SA lock refCnt = 0, bitmask = 00000080, p1_decrypt_cb = 0, qm_decrypt_cb = 0, qm_hash_cb = 0, qm_spi_ok_cb = 0, qm_dh_cb = 0, qm_secret_key_cb = 0, qm_encrypt_cb = 0
.
.
.
Group = <censored>, Username = <censored>, IP = <censored>, IKE session establishment timed out [NullState], aborting!
.
.
A bunch of first two and a few of the last logs. The thing is that the logs keep generating only for one source IP address, mine.
I use VPNC 0.5.3 on a CentOS machine to connect to ASA. Others that user Cisco VPN Client do not generate these logs/errors.
Here is IKE 1 configuration:
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 3600
Here is the output of sh isakmp sa deta
Active SA: 17
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 17
1 IKE Peer: <your mama>
Type : user Role : responder
Rekey : no State : EV_PROCESS_SIG
Encrypt : 3des Hash : SHA
Auth : preshared Lifetime: 2147483
Lifetime Remaining: 2140814113
Please notice the lifetime remaining. All 17 SAs are the same, and I cannot purge them with clear (crypto) isakmp sa...
There is NO active tunnels, no active ISAKMP SA, but the logs are still generated and shown alive.
It's a bug.
Anyone any ideas??
Except the obvious, trying other vpnc version or client.....