11-25-2008 11:23 PM
Hi,
few people of our university connect with their iPhone (protocol IPSec) to our asa (version 8.0(4)). The VPN connection starts correctly and they can use their iphone without problem. But after about 57min and 33s, all iPhones are disconnected from the ASA (IKE error ?):
Group = yyyy, Username = xxxx, IP = 134.21.xx.xx, QM FSM error (P2 struct &0xce84ccf0, mess id 0xe2ee3d2d)!
Group = yyyy, Username = xxxx, IP = 134.21.xx.xx, Removing peer from peer table failed, no match!up = yyyy, Username = xxxx, IP = 134.21.xx.xx, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Group = yyyy, Username = xxxx, IP = 134.21.xx.xx, Session disconnected. Session Type: IPsec, Duration: 0h:57m:33s, Bytes xmt: 55592, Bytes rcv: 32342, Reason: Phase 2 Error
someone knows this problem?
Thank you for your help
Sam
11-26-2008 08:33 AM
Hi,
Try to remove the 'inspect h323 / inspect sip based on the application the IP phones use. It might help.
Thank you
MS
11-27-2008 04:21 AM
Hi,
thank you for the answer, but I removed the inspect h323/sip and the problem is always the same.
An another idea?
thank you
11-27-2008 06:09 AM
Hi,
It might be something to do with VPN idle time like 1Hr. you might have checked it but just wanted to make sure. VPN users log in using laptop than IPhone shows the same behaviour?
MS
11-27-2008 06:57 AM
Hi,
my idle timeout is 60min and the maximum connect time is unlimited. Only iPhones are disconnect after 57min 33s, but all iphones. We have another clients(WindowsXP/Vista/MacOSX/Linux) and they are no problem.
I have put in attachement the details about iPhone connection, 20 seconds before its disconnection.
Thank you
11-27-2008 02:01 PM
Hi,
Assuing NAC is doing nothing here, I would test this with different encryption policy than AES for IPsec.
MS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide