04-09-2007 09:18 AM - edited 02-21-2020 02:58 PM
Hello @All
I have a big problem with a VPN between my Cisco ASA 5510 and a Watchguard Firebox x550e.
When the Watchguard starts the VPN, everything is working fine. Phase one/two and the local
LAN access in both directions is correct.
But when my Cisco ASA starts the VPN, an error message pops up after completing phase one.
The Watchguard log says: "iked Sending INFORM NOTIFY(type 16) message"
The Cisco ASA log says: "Received non-routine Notify message: Payload malformed (16)"
The Watchguard admin said that my ASA is ignoring re-key. Is that possible?
If yes, where can I check this on the ASA?
Robert.
04-09-2007 09:20 PM
Dear Robert,
The above error from the ASA indicates there may be a problem with your preshared key (both local and remote sites), or an out-of-sync problem with the remote end/peer. Give more details about your Watchguard version and what application it is running. Send the complete log of
1. sh crypto ipsec sa
2. sh crypto isakmp sa
3. debug crypto isa 255
4. debug crypto ipsec 255
04-10-2007 04:36 AM
04-10-2007 04:37 AM
04-10-2007 10:06 AM
We have over 10 running L2L VPNs configured on my ASA, and some of them also have a Firebox as peer.
The only difference I found is how the peers connect to their ISP. The Watchguard with the problem is the only peer which connects with PPPoE (static IP) to the ISP.
Could this be the cause of the defect?