- Cisco Community
- Technology and Support
- Security
- VPN
- Glad that the issue is
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 05:17 AM
Hello Guys
Facing issue with new L2tp connection .need support on this please
L2tp is terminiated on ASA and before ASA there is a router where ASA outside interface is geting NAted to public IP
below is the config and the debug logs.earlier it was having unknown group and now tunnel is not eslablshitng from my machine via l2tp
ASA Version 8.2(5)59
access-list acl-in extended permit ip any any
access-list acl_outside extended permit ip object-group HQ object-group ABC
access-list acl_outside extended permit tcp any host 10.10.20.10 eq 5269
access-list inside_nat0 extended permit ip object-group ABC object-group HQ
access-list inside_nat0 extended permit ip any 10.1.252.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
ip local pool vpngroup 10.1.252.1-10.1.252.253 mask 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0
nat (inside) 1 0.0.0.0 0.0.0.0
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto dynamic-map dyno 10 set transform-set trans ESP-3DES-MD5-TRANS
crypto map vpn 65535 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto isakmp nat-traversal 3600
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.1.16.11 10.1.16.13
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain valuexyz.com
split-dns value xyz.com
intercept-dhcp 255.255.0.0 enable
user-authentication enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
username cisco password KCtylQW4545gfddN6mbi93ijmA== nt-encrypted
username cisco attributes
vpn-tunnel-protocol l2tp-ipsec
service-type remote-access
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
address-pool vpngroup
default-group-policy DefaultRAGroup
password-management password-expire-in-days 30
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
===========================
Debug logs:
EQ-INTFW01# Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 38
4
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing SA payload
Apr 04 14:59:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 04 14:59:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Oakley proposal is acceptable
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Received NAT-Traversal RFC VID
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Received NAT-Traversal ver 02 VID
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Received Fragmentation VID
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing IKE SA payload
Apr 04 14:59:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 04 14:59:36 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, IKE SA Proposal # 1, Transform # 5 acceptable Matches global IKE entry #
1
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing ISAKMP SA payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing NAT-Traversal VID ver RFC payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing Fragmentation VID + extended capabilities payload
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13)
+ VENDOR (13) + NONE (0) total length : 124
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10)
+ NAT-D (20) + NAT-D (20) + NONE (0) total length : 260
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing ke payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing ISA_KE payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing NAT-Discovery payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, processing NAT-Discovery payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing ke payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing nonce payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing Cisco Unity VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing xauth V6 VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Send IOS VID
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilit
ies: 20000001)
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing VID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing NAT-Discovery payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing NAT-Discovery payload
Apr 04 14:59:36 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, Connection landed on tunnel_group DefaultRAGroup
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating keys for Responder...
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) +
NONE (0) total length : 64
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:36 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Computing hash for ISAKMP
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Automatic NAT Detection Status: Remote end IS be
hind a NAT device This end IS behind a NAT device
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, Connection landed on tunnel_group DefaultRAGroup
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing ID payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing hash payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Computing hash for ISAKMP
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing dpd vid payload
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + V
ENDOR (13) + NONE (0) total length : 84
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, PHASE 1 COMPLETED
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, Keep-alive type for this connection: None
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, Keep-alives configured on but peer does not support keep-alives (type = None)
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Starting P1 rekey timer: 21600 seconds.
Apr 04 14:59:36 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000001
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=1) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:36 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
10.1.100.79, Protocol 17, Port 1701
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:36 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
85.78.161.254, Protocol 17, Port 1701
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed old sa not found by addr
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Static Crypto Map check, map dyno, seq = 10 is a success
ful match
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Remote Peer configured for crypto map: dyno
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing IPSec SA payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IPSec SA Proposal # 2, Transform # 1 acceptable M
atches global IPSec SA entry # 10
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE: requesting SPI!
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got SPI from key engine: SPI = 0x321170a2
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, oakley constucting quick mode
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec SA payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec nonce payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing proxy ID
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Transmitting Proxy Id:
Remote host: 195.229.90.21 Protocol 17 Port 0
Local host: 10.10.20.2 Protocol 17 Port 1701
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, NAT-Traversal sending NAT-Original-Address payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 04 14:59:36 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Responder sending 2nd QM pkt: msg id = 000000
01
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=1) with payloads : HDR + HASH (8) + SA (1) + N
ONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 184
Apr 04 14:59:36 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=1) with payloads : HDR + HASH (8) + NONE (0)
total length : 52
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, loading all IPSEC SAs
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Security negotiation complete for User () Responder, In
bound SPI = 0x321170a2, Outbound SPI = 0x8349be0f
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got a KEY_ADD msg for SA: SPI = 0x8349be0f
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Pitcher: received KEY_UPDATE, spi 0x321170a2
Apr 04 14:59:36 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Starting P2 rekey timer: 3060 seconds.
Apr 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, PHASE 2 COMPLETED (msgid=00000001)
Apr 04 14:59:36 [IKEv1]: IKEQM_Active() Add L2TP classification rules: ip <195.229.90.21> mask <0xFFFFFFFF> port <4500>
Apr 04 14:59:38 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000002
Apr 04 14:59:38 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=2) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:38 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:38 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Static Crypto Map check, map dyno, seq = 10 is a success
ful match
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Remote Peer configured for crypto map: dyno
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing IPSec SA payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IPSec SA Proposal # 2, Transform # 1 acceptable M
atches global IPSec SA entry # 10
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE: requesting SPI!
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit process rekey delete event for remote
peer 195.229.90.21.
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got SPI from key engine: SPI = 0xc9c523ea
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, oakley constucting quick mode
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec SA payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec nonce payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing proxy ID
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Transmitting Proxy Id:
Remote host: 195.229.90.21 Protocol 17 Port 0
Local host: 10.10.20.2 Protocol 17 Port 1701
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, NAT-Traversal sending NAT-Original-Address payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 04 14:59:38 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Responder sending 2nd QM pkt: msg id = 000000
02
Apr 04 14:59:38 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=2) with payloads : HDR + HASH (8) + SA (1) + N
ONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 184
Apr 04 14:59:38 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=2) with payloads : HDR + HASH (8) + NONE (0)
total length : 52
Apr 04 14:59:38 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=b0e14739) with payloads : HDR + HASH (8) + DE
LETE (12) + NONE (0) total length : 68
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing delete
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Received delete for rekeyed centry IKE peer: 195.22
9.90.21, centry addr: cd4874a0, msgid: 0x00000001
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec: Ignoring delete to a rekeyed centry (m
sgid=1)
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, loading all IPSEC SAs
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Security negotiation complete for User () Responder, In
bound SPI = 0xc9c523ea, Outbound SPI = 0x619b7d3a
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got a KEY_ADD msg for SA: SPI = 0x619b7d3a
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Pitcher: received KEY_UPDATE, spi 0xc9c523ea
Apr 04 14:59:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Starting P2 rekey timer: 3060 seconds.
Apr 04 14:59:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, PHASE 2 COMPLETED (msgid=00000002)
Apr 04 14:59:39 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000003
Apr 04 14:59:39 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:39 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:39 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:39 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:39 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:39 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:39 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:39 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd51dbb8, mess id 0x3)!
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
dbb8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:39 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:39 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 14:59:41 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000003
Apr 04 14:59:41 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:41 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:41 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd5159c8, mess id 0x3)!
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
59c8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 14:59:44 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000003
Apr 04 14:59:44 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:44 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:44 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:44 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:44 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:44 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:44 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:44 [IKEv1] : Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd5159c8, mess id 0x3)!
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
59c8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:44 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:44 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 14:59:48 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000003
Apr 04 14:59:48 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:48 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:48 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd5159c8, mess id 0x3)!
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
59c8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 14:59:57 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000003
Apr 04 14:59:57 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:57 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:57 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd515f40, mess id 0x3)!
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
5f40) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec delete payload
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 04 15:00:08 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=64ea9549) with payloads : HDR + HASH (8) + DEL
ETE (12) + NONE (0) total length : 68
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit receives a centry expired event for re
mote peer 195.229.90.21.
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Deleting SA: Remote Proxy 195.229.90.21, Local
Proxy 10.10.20.2
Apr 04 15:00:08 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x321170a2
Apr 04 15:00:11 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=d28ee0e6) with payloads : HDR + HASH (8) + DE
LETE (12) + NONE (0) total length : 68
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing delete
Apr 04 15:00:11 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Connection terminated for peer . Reason: Peer Terminate
Remote Proxy 195.229.90.21, Local Proxy 10.10.20.2
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit receives a delete event for remote pee
r 195.229.90.21.
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Deleting SA: Remote Proxy 195.229.90.21, Local
Proxy 10.10.20.2
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE SA MM:a32eab27 rcv'd Terminate: state MM_ACTIV
E flags 0x00000042, refcnt 1, tuncnt 0
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE SA MM:a32eab27 terminating: flags 0x01000002,
refcnt 0, tuncnt 0
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IKE delete payload
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 04 15:00:11 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=e5c290b6) with payloads : HDR + HASH (8) + DEL
ETE (12) + NONE (0) total length : 80
Apr 04 15:00:11 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc9c523ea
Apr 04 15:00:11 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc9c523ea
Apr 04 15:00:11 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Session is being torn down. Reason: User Requested
Apr 04 15:00:11 [IKEv1]: Ignoring msg to mark SA with dsID 36864 dead because SA deleted
Apr 04 15:00:11 [IKEv1]: IP = 195.229.90.21, Received encrypted packet with no matching SA, dropping
EQ-INTFW01# IPSEC: Deleted outbound encrypt rule, SPI 0x243066CC
Rule ID: 0xCD487C20
IPSEC: Deleted outbound permit rule, SPI 0x243066CC
Rule ID: 0xCD51D3E8
IPSEC: Rekeyed outbound VPN context, SPI 0x243066CC
VPN handle: 0x00033D94
IPSEC: Deleted inbound decrypt rule, SPI 0x44001D8E
Rule ID: 0xCD51DC68
IPSEC: Deleted inbound permit rule, SPI 0x44001D8E
Rule ID: 0xCD51DE08
IPSEC: Deleted inbound tunnel flow rule, SPI 0x44001D8E
Rule ID: 0xCD51CCF8
IPSEC: Rekeyed inbound VPN context, SPI 0x44001D8E
VPN handle: 0x00035734
IPSEC: Deleted outbound encrypt rule, SPI 0x9EF2CA7A
Rule ID: 0xCD3CD1E8
IPSEC: Deleted outbound permit rule, SPI 0x9EF2CA7A
Rule ID: 0xCD51AE20
IPSEC: Deleted outbound VPN context, SPI 0x9EF2CA7A
VPN handle: 0x00033D94
IPSEC: Deleted inbound decrypt rule, SPI 0x866D812A
Rule ID: 0xCD487FD0
IPSEC: Deleted inbound permit rule, SPI 0x866D812A
Rule ID: 0xCCB3D7D0
IPSEC: Deleted inbound tunnel flow rule, SPI 0x866D812A
Rule ID: 0xCD48B110
IPSEC: Deleted inbound VPN context, SPI 0x866D812A
VPN handle: 0x00035734
IPSEC: New embryonic SA created @ 0xCCB9C1F8,
SCB: 0xCD489170,
Direction: inbound
SPI : 0xADBC899B
Session ID: 0x0000E000
VPIF num : 0x00000001
Tunnel type: ra
Protocol : esp
Lifetime : 240 seconds
IPSEC: New embryonic SA created @ 0xCD17B2B8,
SCB: 0xCD4896C8,
Direction: outbound
SPI : 0xD69313B6
Session ID: 0x0000E000
VPIF num : 0x00000001
Tunnel type: ra
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xD69313B6
IPSEC: Creating outbound VPN context, SPI 0xD69313B6
Flags: 0x00000225
SA : 0xCD17B2B8
SPI : 0xD69313B6
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x010926E1
Channel: 0xC929B4C0
IPSEC: Completed outbound VPN context, SPI 0xD69313B6
VPN handle: 0x00037A0C
IPSEC: New outbound encrypt rule, SPI 0xD69313B6
Src addr: 10.10.20.2
Src mask: 255.255.255.255
Dst addr: 195.229.90.21
Dst mask: 255.255.255.255
Src ports
Upper: 1701
Lower: 1701
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound encrypt rule, SPI 0xD69313B6
Rule ID: 0xCD489970
IPSEC: New outbound permit rule, SPI 0xD69313B6
Src addr: 10.10.20.2
Src mask: 255.255.255.255
Dst addr: 195.229.90.21
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound permit rule, SPI 0xD69313B6
Rule ID: 0xCD4899F8
IPSEC: Completed host IBSA update, SPI 0xADBC899B
IPSEC: Creating inbound VPN context, SPI 0xADBC899B
Flags: 0x00000226
SA : 0xCCB9C1F8
SPI : 0xADBC899B
MTU : 0 bytes
VCID : 0x00000000
Peer : 0x00037A0C
SCB : 0x01088849
Channel: 0xC929B4C0
IPSEC: Completed inbound VPN context, SPI 0xADBC899B
VPN handle: 0x0003864C
IPSEC: Updating outbound VPN context 0x00037A0C, SPI 0xD69313B6
Flags: 0x00000225
SA : 0xCD17B2B8
SPI : 0xD69313B6
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x0003864C
SCB : 0x010926E1
Channel: 0xC929B4C0
IPSEC: Completed outbound VPN context, SPI 0xD69313B6
VPN handle: 0x00037A0C
IPSEC: Completed outbound inner rule, SPI 0xD69313B6
Rule ID: 0xCD489970
IPSEC: Completed outbound outer SPD rule, SPI 0xD69313B6
Rule ID: 0xCD4899F8
IPSEC: New inbound tunnel flow rule, SPI 0xADBC899B
Src addr: 195.229.90.21
Src mask: 255.255.255.255
Dst addr: 10.10.20.2
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 1701
Lower: 1701
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound tunnel flow rule, SPI 0xADBC899B
Rule ID: 0xC92B0518
IPSEC: New inbound decrypt rule, SPI 0xADBC899B
Src addr: 195.229.90.21
Src mask: 255.255.255.255
Dst addr: 10.10.20.2
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound decrypt rule, SPI 0xADBC899B
Rule ID: 0xCD3CD1A8
IPSEC: New inbound permit rule, SPI 0xADBC899B
Src addr: 195.229.90.21
Src mask: 255.255.255.255
Dst addr: 10.10.20.2
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound permit rule, SPI 0xADBC899B
Rule ID: 0xCD03D6F0
IPSEC: New embryonic SA created @ 0xCD51AC70,
SCB: 0xCD51ABC0,
Direction: inbound
SPI : 0x89796CE7
Session ID: 0x0000E000
VPIF num : 0x00000001
Tunnel type: ra
Protocol : esp
Lifetime : 240 seconds
IPSEC: New embryonic SA created @ 0xCD488538,
SCB: 0xCD488D48,
Direction: outbound
SPI : 0xEF66E002
Session ID: 0x0000E000
VPIF num : 0x00000001
Tunnel type: ra
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xEF66E002
IPSEC: Completed outbound VPN context, SPI 0xEF66E002
VPN handle: 0x00037A0C
IPSEC: New outbound encrypt rule, SPI 0xEF66E002
Src addr: 10.10.20.2
Src mask: 255.255.255.255
Dst addr: 195.229.90.21
Dst mask: 255.255.255.255
Src ports
Upper: 1701
Lower: 1701
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound encrypt rule, SPI 0xEF66E002
Rule ID: 0xCD488948
IPSEC: New outbound permit rule, SPI 0xEF66E002
Src addr: 10.10.20.2
Src mask: 255.255.255.255
Dst addr: 195.229.90.21
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound permit rule, SPI 0xEF66E002
Rule ID: 0xCD51BEE0
IPSEC: Completed host IBSA update, SPI 0x89796CE7
IPSEC: Completed inbound VPN context, SPI 0x89796CE7
VPN handle: 0x0003864C
IPSEC: Completed outbound VPN context, SPI 0xEF66E002
VPN handle: 0x00037A0C
IPSEC: Completed outbound inner SPD rule, SPI 0xEF66E002
Rule ID: 0xCD488948
IPSEC: Completed outbound outer SPD rule, SPI 0xEF66E002
Rule ID: 0xCD51BEE0
IPSEC: New inbound tunnel flow rule, SPI 0x89796CE7
Src addr: 195.229.90.21
Src mask: 255.255.255.255
Dst addr: 10.10.20.2
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 1701
Lower: 1701
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound tunnel flow rule, SPI 0x89796CE7
Rule ID: 0xCD51C6F0
IPSEC: New inbound decrypt rule, SPI 0x89796CE7
Src addr: 195.229.90.21
Src mask: 255.255.255.255
Dst addr: 10.10.20.2
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound decrypt rule, SPI 0x89796CE7
Rule ID: 0xCD487CC8
IPSEC: New inbound permit rule, SPI 0x89796CE7
Src addr: 195.229.90.21
Src mask: 255.255.255.255
Dst addr: 10.10.20.2
Dst mask: 255.255.255.255
Src ports
Upper: 4500
Lower: 4500
Op : equal
Dst ports
Upper: 4500
Lower: 4500
Op : equal
Protocol: 17
Use protocol: true
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound permit rule, SPI 0x89796CE7
Rule ID: 0xCD487E68
EQ-INTFW01#
-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:48 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:48 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 14:59:57 [IKEv1 DECODE]: IP = 195.229.90.21, IKE Responder starting QM: msg id = 00000003
Apr 04 14:59:57 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:57 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
10.1.100.79
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 04 14:59:57 [IKEv1 DECODE]: Group = DefaultRAGroup, IP = 195.229.90.21, ID_IPV4_ADDR ID received
185.78.161.254
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd515f40, mess id 0x3)!
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
5f40) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 04 14:59:57 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 14:59:57 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec delete payload
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 04 15:00:08 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=64ea9549) with payloads : HDR + HASH (8) + DEL
ETE (12) + NONE (0) total length : 68
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit receives a centry expired event for re
mote peer 195.229.90.21.
Apr 04 15:00:08 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Deleting SA: Remote Proxy 195.229.90.21, Local
Proxy 10.10.20.2
Apr 04 15:00:08 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x321170a2
Apr 04 15:00:11 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=d28ee0e6) with payloads : HDR + HASH (8) + DE
LETE (12) + NONE (0) total length : 68
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing delete
Apr 04 15:00:11 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Connection terminated for peer . Reason: Peer Terminate
Remote Proxy 195.229.90.21, Local Proxy 10.10.20.2
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit receives a delete event for remote pee
r 195.229.90.21.
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Deleting SA: Remote Proxy 195.229.90.21, Local
Proxy 10.10.20.2
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE SA MM:a32eab27 rcv'd Terminate: state MM_ACTIV
E flags 0x00000042, refcnt 1, tuncnt 0
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE SA MM:a32eab27 terminating: flags 0x01000002,
refcnt 0, tuncnt 0
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IKE delete payload
Apr 04 15:00:11 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 04 15:00:11 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=e5c290b6) with payloads : HDR + HASH (8) + DEL
ETE (12) + NONE (0) total length : 80
Apr 04 15:00:11 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc9c523ea
Apr 04 15:00:11 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc9c523ea
Apr 04 15:00:11 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Session is being torn down. Reason: User Requested
Apr 04 15:00:11 [IKEv1]: Ignoring msg to mark SA with dsID 36864 dead because SA deleted
Apr 04 15:00:11 [IKEv1]: IP = 195.229.90.21, Received encrypted packet with no matching SA, dropping
!
Solved! Go to Solution.
- Labels:
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2016 08:48 AM
Glad that the issue is resolved !
Please mark the thread as answered to benefit other community members.
Regards,
Dinesh Moudgil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 05:33 AM
Hello,
Phase 1 is getting completed and QM FSM error indicates the issue with transform-set and/or crypto access-list .
Please try using ESP-3DES and ESP-SHA-HMAC for transform set and let us know how it fares.
You might as well try using PAP as authentication.
Here is a document for your reference:-
https://supportforums.cisco.com/document/12375996/configure-l2tp-over-ipsec-using-cisco-asa-84-and-local-authentication
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 05:52 AM
Hi Dinesh
Its already using the same
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
regarding cypto acl,we have just a split acl in default group policy
tried with pap but not working still
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 06:11 AM
If you see the logs .PH1 and PH2 (no ip is assined from the pool and shows 0.0.0.0 ) .its completed and automaticaly disconnecting and L2tp client side reconnecting .
[IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2
r 04 14:59:36 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed old sa not found by addr
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 04 14:59:41 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd5159c8, mess id 0x3)!
Apr 04 14:59:41 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 06:24 AM
Can you try using credentials with "
username cisco password cisco
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 06:42 AM
when applied that command you have metioend ,It went first throuhg going through username and password prompt with diffrent error (attahced) this was not coming earlier :
Error:691
now weh tried second time again 781 error same as before!
in the group policy we are using
username cisco password KCtylQW00ARN6mbi93ijmA== nt-encrypted
username cisco attributes
vpn-tunnel-protocol l2tp-ipsec
service-type remote-access
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
address-pool vpngroup
default-group-policy DefaultRAGroup
password-management password-expire-in-days 30
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2016 10:27 AM
Hi,
Try using another Phase 2 transform-set.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 mode transport
crypto dynamic-map dyno 10 set transform-set transp ESP-3DES-MD5 ESP-3DES-SHA
Regards,
Aditya
Please rate helpful posts and mark correct answers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2016 03:35 AM
Hi I have tried those but still not working
Just wanted to know is there any limitation for L2TP is the terminateion device is is behind NAT router (public IP of L2tp) is configured on router and nat is done with ASA outside interface (behind this router private IP).
below is the configuration .
EQ-INTFW01# sh run cry
EQ-INTFW01# sh run crypto
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyno 10 set transform-set trans ESP-3DES-MD5 ESP-3DES-SH
crypto map vpn 65535 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
EQ-INTFW01# conf t
EQ-INTFW01(config)# cry
EQ-INTFW01(config)# crypto isa
EQ-INTFW01(config)# crypto isakmp pol
EQ-INTFW01(config)# crypto isakmp policy 1
EQ-INTFW01(config-isakmp-policy)# has
EQ-INTFW01(config-isakmp-policy)# hash md
EQ-INTFW01(config-isakmp-policy)# hash md5
EQ-INTFW01(config-isakmp-policy)# gr
EQ-INTFW01(config-isakmp-policy)# group 5
EQ-INTFW01(config-isakmp-policy)# group 2
EQ-INTFW01(config-isakmp-policy)# hash sha
EQ-INTFW01(config-isakmp-policy)# hash sha ?
crypto-isakmp-policy mode commands/options:
<cr>
EQ-INTFW01(config-isakmp-policy)# hash sha
EQ-INTFW01(config-isakmp-policy)#
EQ-INTFW01# sh run cry
EQ-INTFW01# sh run crypto
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyno 10 set transform-set trans ESP-3DES-MD5 ESP-3DES-SHA
crypto map vpn 65535 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
========================
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.1.16.11
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
default-domain value gbm.local
group-policy DefaultRAGroup_1 internal
=================================
tunnel-group DefaultRAGroup general-attributes
address-pool vpngroup
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
username cisco password KCtylQW00ARN6mbi93ijmA== nt-encrypted privilege 15
==============
Latest Debug Logs
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 38
4
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing SA payload
Apr 05 14:25:35 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 05 14:25:35 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Oakley proposal is acceptable
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Received NAT-Traversal RFC VID
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Received NAT-Traversal ver 02 VID
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Received Fragmentation VID
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing IKE SA payload
Apr 05 14:25:35 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 05 14:25:35 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Gr
oup 2
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, IKE SA Proposal # 1, Transform # 5 acceptable Matches global IKE entry #
1
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing ISAKMP SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing NAT-Traversal VID ver RFC payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing Fragmentation VID + extended capabilities payload
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13)
+ VENDOR (13) + NONE (0) total length : 124
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10)
+ NAT-D (20) + NAT-D (20) + NONE (0) total length : 260
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing ke payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing ISA_KE payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing NAT-Discovery payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, processing NAT-Discovery payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing ke payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing nonce payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing Cisco Unity VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing xauth V6 VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Send IOS VID
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilit
ies: 20000001)
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing VID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing NAT-Discovery payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, constructing NAT-Discovery payload
Apr 05 14:25:35 [IKEv1 DEBUG]: IP = 195.229.90.21, computing NAT Discovery hash
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, Connection landed on tunnel_group DefaultRAGroup
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating keys for Responder...
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) +
VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) +
NONE (0) total length : 64
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Computing hash for ISAKMP
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Automatic NAT Detection Status: Remote end IS be
hind a NAT device This end IS behind a NAT device
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, Connection landed on tunnel_group DefaultRAGroup
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing ID payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Computing hash for ISAKMP
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing dpd vid payload
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + V
ENDOR (13) + NONE (0) total length : 84
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, PHASE 1 COMPLETED
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, Keep-alive type for this connection: None
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, Keep-alives configured on but peer does not support keep-alives (type = None)
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Starting P1 rekey timer: 21600 seconds.
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=1) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
10.1.100.79, Protocol 17, Port 1701
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
85.78.161.254, Protocol 17, Port 1701
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed old sa not found by addr
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Static Crypto Map check, map dyno, seq = 10 is a success
ful match
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Remote Peer configured for crypto map: dyno
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing IPSec SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IPSec SA Proposal # 2, Transform # 1 acceptable M
atches global IPSec SA entry # 10
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE: requesting SPI!
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got SPI from key engine: SPI = 0xee9fa74c
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, oakley constucting quick mode
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec nonce payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing proxy ID
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Transmitting Proxy Id:
Remote host: 195.229.90.21 Protocol 17 Port 0
Local host: 10.10.20.2 Protocol 17 Port 1701
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, NAT-Traversal sending NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=1) with payloads : HDR + HASH (8) + SA (1) + N
ONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 184
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=1) with payloads : HDR + HASH (8) + NONE (0)
total length : 52
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, loading all IPSEC SAs
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Security negotiation complete for User () Responder, In
bound SPI = 0xee9fa74c, Outbound SPI = 0xddd5671d
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got a KEY_ADD msg for SA: SPI = 0xddd5671d
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Pitcher: received KEY_UPDATE, spi 0xee9fa74c
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Starting P2 rekey timer: 3060 seconds.
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, PHASE 2 COMPLETED (msgid=00000001)
Apr 05 14:25:35 [IKEv1]: IKEQM_Active() Add L2TP classification rules: ip <195.229.90.21> mask <0xFFFFFFFF> port <4500>
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=2) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Static Crypto Map check, map dyno, seq = 10 is a success
ful match
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Selecting only UDP-Encapsulated-Tunnel and UDP-En
capsulated-Transport modes defined by NAT-Traversal
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Remote Peer configured for crypto map: dyno
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing IPSec SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IPSec SA Proposal # 2, Transform # 1 acceptable M
atches global IPSec SA entry # 10
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE: requesting SPI!
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit process rekey delete event for remote
peer 195.229.90.21.
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got SPI from key engine: SPI = 0x02d2d55e
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, oakley constucting quick mode
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec SA payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec nonce payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing proxy ID
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Transmitting Proxy Id:
Remote host: 195.229.90.21 Protocol 17 Port 0
Local host: 10.10.20.2 Protocol 17 Port 1701
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, NAT-Traversal sending NAT-Original-Address payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=2) with payloads : HDR + HASH (8) + SA (1) + N
ONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 184
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=2) with payloads : HDR + HASH (8) + NONE (0)
total length : 52
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, loading all IPSEC SAs
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Generating Quick Mode Key!
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, NP encrypt rule look up for crypto map dyno 10 mat
ching ACL Unknown: returned cs_id=ccf1ac00; rule=00000000
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Security negotiation complete for User () Responder, In
bound SPI = 0x02d2d55e, Outbound SPI = 0x5c792862
Apr 05 14:25:35 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=913268e9) with payloads : HDR + HASH (8) + DE
LETE (12) + NONE (0) total length : 68
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing delete
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Received delete for rekeyed centry IKE peer: 195.22
9.90.21, centry addr: cd3d7328, msgid: 0x00000001
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec: Ignoring delete to a rekeyed centry (m
sgid=1)
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE got a KEY_ADD msg for SA: SPI = 0x5c792862
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Pitcher: received KEY_UPDATE, spi 0x2d2d55e
Apr 05 14:25:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Starting P2 rekey timer: 3060 seconds.
Apr 05 14:25:35 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, PHASE 2 COMPLETED (msgid=00000002)
Apr 05 14:25:38 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 05 14:25:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 05 14:25:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd4889c8, mess id 0x3)!
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd48
89c8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 05 14:25:38 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:25:38 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 05 14:25:40 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:40 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:40 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 05 14:25:40 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:40 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 05 14:25:40 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd4889c8, mess id 0x3)!
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd48
89c8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 05 14:25:40 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:25:40 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 05 14:25:43 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:43 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:43 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 05 14:25:43 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:43 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 05 14:25:43 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd4889c8, mess id 0x3)!
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd48
89c8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 05 14:25:43 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:25:43 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 05 14:25:47 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:47 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:47 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 05 14:25:47 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:47 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 05 14:25:47 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd51cbe0, mess id 0x3)!
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd51
cbe0) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 05 14:25:47 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:25:47 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 05 14:25:55 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=3) with payloads : HDR + HASH (8) + SA (1) +
NONCE (10) + ID (5) + ID (5) + NAT-OA (21) + NAT-OA (21) + NONE (0) total length : 324
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing SA payload
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing nonce payload
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:55 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received remote Proxy Host data in ID Payload: Address
195.229.90.21, Protocol 17, Port 0
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing ID payload
Apr 05 14:25:55 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Received local Proxy Host data in ID Payload: Address 1
0.10.20.2, Protocol 17, Port 1701
Apr 05 14:25:55 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, L2TP/IPSec session detected.
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing NAT-Original-Address payload
Apr 05 14:25:55 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM IsRekeyed sa already being rekeyed
Apr 05 14:25:55 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, QM FSM error (P2 struct &0xcd488cd0, mess id 0x3)!
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE QM Responder FSM error history (struct &0xcd48
8cd0) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MS
G-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG
Apr 05 14:25:55 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:25:55 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Removing peer from correlator table failed, no match!
Apr 05 14:26:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:26:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 05 14:26:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IPSec delete payload
Apr 05 14:26:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 05 14:26:05 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=7d9e646c) with payloads : HDR + HASH (8) + DEL
ETE (12) + NONE (0) total length : 68
Apr 05 14:26:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit receives a centry expired event for re
mote peer 195.229.90.21.
Apr 05 14:26:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Deleting SA: Remote Proxy 195.229.90.21, Local
Proxy 10.10.20.2
Apr 05 14:26:05 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xee9fa74c
Apr 05 14:26:10 [IKEv1]: IP = 195.229.90.21, IKE_DECODE RECEIVED Message (msgid=9614f0e2) with payloads : HDR + HASH (8) + DE
LETE (12) + NONE (0) total length : 68
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing hash payload
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, processing delete
Apr 05 14:26:10 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Connection terminated for peer . Reason: Peer Terminate
Remote Proxy 195.229.90.21, Local Proxy 10.10.20.2
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, Active unit receives a delete event for remote pee
r 195.229.90.21.
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE Deleting SA: Remote Proxy 195.229.90.21, Local
Proxy 10.10.20.2
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE SA MM:c869a82d rcv'd Terminate: state MM_ACTIV
E flags 0x00000042, refcnt 1, tuncnt 0
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, IKE SA MM:c869a82d terminating: flags 0x01000002,
refcnt 0, tuncnt 0
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, sending delete/delete with reason message
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing blank hash payload
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing IKE delete payload
Apr 05 14:26:10 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 195.229.90.21, constructing qm hash payload
Apr 05 14:26:10 [IKEv1]: IP = 195.229.90.21, IKE_DECODE SENDING Message (msgid=376ab060) with payloads : HDR + HASH (8) + DEL
ETE (12) + NONE (0) total length : 80
Apr 05 14:26:10 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x2d2d55e
Apr 05 14:26:10 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x2d2d55e
Apr 05 14:26:10 [IKEv1]: Group = DefaultRAGroup, IP = 195.229.90.21, Session is being torn down. Reason: User Requested
Apr 05 14:26:10 [IKEv1]: Ignoring msg to mark SA with dsID 450560 dead because SA deleted
Apr 05 14:26:10 [IKEv1]: IP = 195.229.90.21, Received encrypted packet with no matching SA, dropping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2016 06:18 AM
There were few bugs pertaining to L2TP not working when ASA is behind NAT device but they are junked now.
Refer to Microsoft article: http://support.microsoft.com/kb/926179
and try to tweak the registry key as mentioned above. This should ideally resolve the issue.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2016 08:42 AM
HIi ,I just saw your post .I did that already in afternoon after some research on net and its working .thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-05-2016 08:48 AM
Glad that the issue is resolved !
Please mark the thread as answered to benefit other community members.
Regards,
Dinesh Moudgil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide