Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1090
Views
2
Helpful
11
Replies

IKEv2 Negotiation aborted due to ERROR: Detected unsupported failover

gal.avichid
Level 1
Level 1

‎11-12-2023 03:01 PM

Hi

Running ASA 9.8.2, on ASA 5506. 

Created S2S VPN to Cisco 1010.

Getting this error when trying to communicate.

Same 1010 is connected to another 2x ASA 5506, all works well.

Compared 1000 time the configs between the working one and the faulty one.

I have found online its a bug, but there is no solution. (Did reload also)

Any ideas?

Thanks

Labels:
0 Helpful
11 Replies 11

marce1000
VIP
VIP

‎11-13-2023 12:52 AM

 

      >..I have found online its a bug, but there is no solution.
           Then you need to contact Cisco (TAC)

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MHM Cisco World
VIP
VIP

‎11-13-2023 01:08 AM

share the config here I need to check both 

Thanks A Lot
MHM

0 Helpful

gal.avichid
Level 1
Level 1
In response to MHM Cisco World

‎11-13-2023 01:17 AM

Hi @MHM Cisco World ,

What is the quickest and easiest way to pull the config and share it safely?

I every time stuck with that, and not sure if I am removing the right lines. About time ill ask that.

Thanks

0 Helpful

MHM Cisco World
VIP
VIP
In response to gal.avichid

‎11-13-2023 01:22 AM

share it as text after replace any public IP with random one like 1.1.1.1

Thanks A Lot
MHM

0 Helpful

gal.avichid
Level 1
Level 1
In response to MHM Cisco World

‎11-13-2023 01:41 AM - edited ‎11-13-2023 11:34 AM

@MHM Cisco World Hope its right
Thank you!

@Aref Alsouqi I have tried this one, but still got the same error

0 Helpful

MHM Cisco World
VIP
VIP
In response to gal.avichid

‎11-13-2023 02:08 AM

remove the pfs 19 from the FW. 
it seem the gourp is mismatch 

Thanks A Lot
MHM

0 Helpful

gal.avichid
Level 1
Level 1
In response to MHM Cisco World

‎11-13-2023 02:16 AM

@MHM Cisco World Its was on group 2, which i am not sure why was created.

I have deleted it, and also changed the pfs group 5 (which was a try from the link Aref shared)

still in the same error

0 Helpful

MHM Cisco World
VIP
VIP
In response to gal.avichid

‎11-13-2023 02:19 AM

dont use any pfs 
and after do any change 
clear crypto sa 
clear isakamp sa 

0 Helpful

gal.avichid
Level 1
Level 1
In response to MHM Cisco World

‎11-13-2023 10:28 AM

Still the same.

Any more ideas in your pocket?

0 Helpful

Aref Alsouqi
VIP
VIP

‎11-13-2023 01:31 AM

Not sure if this applies to your case, but someone else suggests that the issue could potentially be the missing configs of PFS:

https://community.cisco.com/t5/vpn/asa5516-9-8-2-ikev2-negotiation-aborted-due-unsupported-failover/td-p/3709427

 

gal.avichid
Level 1
Level 1

‎11-13-2023 11:34 AM

Got it!
My bad - I have set the local IP of my 1010 (Main FW) as part of the objects, which I guess cause the block.

removed it, and its working.

Thank you all!

Customers Also Viewed These Support Documents