Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
939
Views
0
Helpful
1
Replies

Draytek 2820 to ASA 5510 duplicate Phase1 packet detected

erwee1973
Level 1
Level 1

‎10-03-2013 01:08 PM

Hello,

I have a really strange situation. For one of our customers I had to configure a Draytek dsl router to connect to their ASA 5510 at HQ location.

When I configure this, the tunnel doesn't come up. It even doesn't pass Phase1 but gives 2 errors:

duplicate phase1 packet detected

p1 retransmit msg dispatched to MM FSM

Whatever I try, different settings of encryption, lifetimes, Nat-T settings, on both ends, it always ends up like this.

Note: This ASA has already 10 ipsec tunnels to similar Drayteks (the customer runs stores troughout the country, puts a Draytek in every store and asks me to configure the Cisco ASA side. No problem, until today, with the 11th Draytek.

Strange thing is, that when I setup a tunnel from the Draytek to our testlab ASA(5520) there is no problem and the tunnel comes up! Same settings, only this 5520 runs 8.2.2(17) software and the 5510 runs on 8.2.5

Anyone familar with this problem?

Hopefully someone has a clue.

With kind regards,

Ralph

Arnhem, Netherlands

1 person had this problem
Labels:
0 Helpful
1 Reply 1

erwee1973
Level 1
Level 1

‎10-03-2013 01:30 PM

I did try with same software version as the ASA we own 8.2.2.(17), but that didn't solve it.

Also I purged all other tunnel configs and built the tunnel as single tunnel on the ASA -> no success.

WTF is happening

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents