Hello Guys,

I was trying to configure IKEv2 l2l vpn b/n asa which is at my end and Huawei router which is remote peer. The tunnel will not come up with error "Auth exchange failed".  Below is debug and packet-tracer outputs. please help.

IKEv2-PROTO-4: (1382): Received Packet [From RemotePeerIp:4500/To LocalPeerIp:4500/VRF i0:f0]

(1382): Initiator SPI : A5DD10C2FC4C7696 - Responder SPI : 863E42197DD3FC45 Message id: 1

(1382): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (1382): Next payload: ENCR, version: 2.0 (1382): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (1382): Message id: 1, length: 80(1382):

Payload contents:

(1382):

(1382): Decrypted packet:(1382): Data: 80 bytes

(1382): REAL Decrypted packet:(1382): Data: 8 bytes

IKEv2-PROTO-7: (1382): SM Trace-> SA: I_SPI=A5DD10C2FC4C7696 R_SPI=863E42197DD3FC45 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-7: (1382): Action: Action_Null

IKEv2-PROTO-7: (1382): SM Trace-> SA: I_SPI=A5DD10C2FC4C7696 R_SPI=863E42197DD3FC45 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY IKEv2-PROTO-4: (1382): Process auth response notify

IKEv2-PROTO-7: (1382): SM Trace-> SA: I_SPI=A5DD10C2FC4C7696 R_SPI=863E42197DD3FC45 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (1382): Auth exchange failed

IKEv2-PROTO-2: (1382): Auth exchange failed IKEv2-PROTO-2: (1382): Auth exchange failed IKEv2-PROTO-7: (1382): SM Trace-> SA: I_SPI=A5DD10C2FC4C7696 R_SPI=863E42197DD3FC45 (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT

IKEv2-PROTO-7: (1382): SM Trace-> SA: I_SPI=A5DD10C2FC4C7696 R_SPI=863E42197DD3FC45 (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT

IKEv2-PROTO-7: (1382): SM Trace-> SA: I_SPI=A5DD10C2FC4C7696 R_SPI=863E42197DD3FC45 (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (1382): Abort exchange

IKEv2-PROTO-4: (1382): Deleting SA

packet tracer output
==================

Phase: 7

Type: VPN

Subtype: encrypt

Result: DROP

Config:

Additional Information:

Forward Flow based lookup yields rule:

out id=0x2b4ea32c5920, priority=70, domain=encrypt, deny=false

hits=8996, user_data=0x0, cs_id=0x2b4e96391760, reverse, flags=0x0, protocol=0

src ip/id=LocalNatIP, mask=255.255.255.255, port=0, tag=any

dst ip/id=RemoteLANIP, mask=255.255.255.255, port=0, tag=any, dscp=0x0

input_ifc=any(vrfid:65535), output_ifc=OUTSIDE_IF

Result: input-interface: INSIDE_IF(vrfid:0)

input-status: up

input-line-status: up

output-interface: OUTSIDE_IF(vrfid:0)

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule, Drop-location: frame 0x000055d14c10d3b6 flow (need-ike)/snp_sp_action_cb:1575