
IPSec VPN to asa 5520

cornmarket
Level 1

Hi,

First of all I have to admit that I'm not very well versed in Cisco gear or IPSEC connections in general so apologies if I'm doing something really obviously stupid, but I have checked through any stuff I could find on the internet about setting up IPSEC VPN.

The setup I have is an asa 5520 firewall (o/s 8.2) which for the moment is connected to a temporary home broadband style internet connection for testing purposes. The netopia router is configured to allow ipsec passthrough and to forward ports UDP 62515, TCP 10000, UDP 4500, UDP 500 to the asa 5520.

I am trying to connect in from a laptop with Windows Firewall turned off and Cisco VPN Client version 5.0.02.0090.

I have run through the IPsec setup wizard several times trying different options. Most of the time nothing comes up in the log to show that a connection has been attempted, but there is one way I can set up the options that produces the following on the firewall log:

4|Sep 24 2010|13:54:29|713903|||||Group = VPNtest9, IP = 86.44.x.x, Error: Unable to remove PeerTblEntry

3|Sep 24 2010|13:54:29|713902|||||Group = VPNtest9, IP = 86.44.x.x, Removing peer from peer table failed, no match!

6|Sep 24 2010|13:54:21|713905|||||Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM

5|Sep 24 2010|13:54:21|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.

6|Sep 24 2010|13:54:16|713905|||||Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM

5|Sep 24 2010|13:54:16|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.

6|Sep 24 2010|13:54:11|713905|||||Group = VPNtest9, IP = 86.44.x.x, P1 Retransmit msg dispatched to AM FSM

5|Sep 24 2010|13:54:11|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

6|Sep 24 2010|13:54:06|302015|86.44.x.x|51905|192.168.0.27|500|Built inbound UDP connection 7487 for Internet:86.44.x.x/51905 (86.44.x.x/51905) to identity:192.168.0.27/500 (192.168.0.27/500)

and this in the client log:

Cisco Systems VPN Client Version 5.0.02.0090

Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 3

24 13:54:08.250 09/24/10 Sev=Info/4 CM/0x63100002

Begin connection process

25 13:54:08.265 09/24/10 Sev=Info/4 CM/0x63100004

Establish secure connection

26 13:54:08.265 09/24/10 Sev=Info/4 CM/0x63100024

Attempt connection with server "213.94.x.x"

27 13:54:08.437 09/24/10 Sev=Info/6 IKE/0x6300003B

Attempting to establish a connection with 213.94.x.x.

28 13:54:08.437 09/24/10 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 213.94.x.x

29 13:54:08.484 09/24/10 Sev=Info/4 IPSEC/0x63700008

IPSec driver successfully started

30 13:54:08.484 09/24/10 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

31 13:54:13.484 09/24/10 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

32 13:54:13.484 09/24/10 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x

33 13:54:18.484 09/24/10 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

34 13:54:18.484 09/24/10 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x

35 13:54:23.484 09/24/10 Sev=Info/4 IKE/0x63000021

Retransmitting last packet!

36 13:54:23.484 09/24/10 Sev=Info/4 IKE/0x63000013

SENDING >>> ISAKMP OAK AG (Retransmission) to 213.94.x.x

37 13:54:28.484 09/24/10 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

38 13:54:28.984 09/24/10 Sev=Info/4 IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=36C50ACCE984B0B0 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

39 13:54:28.984 09/24/10 Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "213.94.x.x" because of "DEL_REASON_PEER_NOT_RESPONDING"

40 13:54:28.984 09/24/10 Sev=Info/5 CM/0x63100025

Initializing CVPNDrv

41 13:54:28.984 09/24/10 Sev=Info/6 CM/0x63100046

Set tunnel established flag in registry to 0.

42 13:54:28.984 09/24/10 Sev=Info/4 IKE/0x63000001

IKE received signal to terminate VPN connection

43 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

44 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

45 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x63700014

Deleted all keys

46 13:54:29.187 09/24/10 Sev=Info/4 IPSEC/0x6370000A

IPSec driver successfully stopped

I have full HTTP connectivity from the internet to a machine on the inside of the ASA 5520, so I think the static routing and NAT'ing should be OK, but I'm happy to provide any details.

Can anyone see what I'm doing wrong?

Thanks,

Sam
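
As an added example (not part of the original post, and not Cisco tooling): a small Python triage script for the pipe-delimited firewall log format shown in the question. It counts Phase 1 attribute mismatches (message 713257) and duplicate Phase 1 packets (713201) so the Rcv'd/Cfg'd pair that blocks negotiation stands out; the field names are assumptions inferred from the column positions in the post.

```python
import re
from collections import Counter

# Sample input: a trimmed subset of the firewall log lines quoted in the post.
SAMPLE = """\
6|Sep 24 2010|13:54:06|302015|86.44.x.x|51905|192.168.0.27|500|Built inbound UDP connection 7487 for Internet:86.44.x.x/51905 (86.44.x.x/51905) to identity:192.168.0.27/500 (192.168.0.27/500)
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:06|713257|||||Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1
5|Sep 24 2010|13:54:11|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
5|Sep 24 2010|13:54:16|713201|||||Group = VPNtest9, IP = 86.44.x.x, Duplicate Phase 1 packet detected. Retransmitting last packet.
3|Sep 24 2010|13:54:29|713902|||||Group = VPNtest9, IP = 86.44.x.x, Removing peer from peer table failed, no match!
"""

MISMATCH = re.compile(r"Mismatched attribute types for class (?P<cls>.+?): "
                      r"Rcv'd: (?P<rcvd>.+?) Cfg'd: (?P<cfgd>.+)$")
PEER = re.compile(r"Group = (?P<group>[^,]+), IP = (?P<ip>[^,]+),")
# Assumed column names, inferred from the positions seen in the post.
KEYS = ("severity", "date", "time", "msg_id",
        "src_ip", "src_port", "dst_ip", "dst_port", "text")

def parse_line(line):
    """Split one pipe-delimited log line into nine fields, or return None."""
    parts = line.rstrip("\n").split("|", 8)
    if len(parts) != 9 or not parts[0].isdigit():
        return None
    return dict(zip(KEYS, parts))

def summarize_phase1(log_text):
    """Count Phase 1 attribute mismatches and duplicate Phase 1 packets."""
    mismatches, retransmits = Counter(), Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # blank or non-log line
        if rec["msg_id"] == "713257":
            m = MISMATCH.search(rec["text"])
            if m:
                mismatches[(m["cls"], m["rcvd"], m["cfgd"])] += 1
        elif rec["msg_id"] == "713201":
            p = PEER.search(rec["text"])
            if p:
                retransmits[(p["group"], p["ip"])] += 1
    return {"mismatches": dict(mismatches), "retransmits": dict(retransmits)}

if __name__ == "__main__":
    for (cls, rcvd, cfgd), n in summarize_phase1(SAMPLE)["mismatches"].items():
        print(f"{n}x {cls}: peer offered {rcvd}, firewall configured {cfgd}")
```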

15 Replies

agonzalez
Level 1

Hello Jennifer

I am having a similar issue running the Cisco VPN client behind a Motorola NVG5510. I receive the 

082  12/03/12  Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "???.com" because of "DEL_REASON_PEER_NOT_RESPONDING"

082  12/03/12  Sev=Info/4 CM/0x63100014

Unable to establish Phase 1 SA with server "??.com" because of "DEL_REASON_PEER_NOT_RESPONDING"

It fails Phase 1, have you heard anything along these lines?

Thanks