cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2465
Views
0
Helpful
3
Replies

Meraki to ASA L2L vpn fails

Richard Bradfield
Frequent Contributor
Frequent Contributor

Below is the debug I am getting on the ASA, I find Meraki support not very helpful

Passes phase 1 but get a disconnect from the Meraki when doing phase 2

anybody help

IKEv2-PLAT-2: (804): Site to Site connection detected
IKEv2-PLAT-2: (804): P1 ID = 255
IKEv2-PLAT-2: (804): Completed authentication for connection
IKEv2-PLAT-2: (804): connection auth hdl set to 1674
IKEv2-PLAT-2: (804): AAA conn attribute retrieval successfully queued for register session request.
IKEv2-PLAT-2: (804): idle timeout set to: 30
IKEv2-PLAT-2: (804): session timeout set to: 0
IKEv2-PLAT-2: (804): group policy set to L2L-Ipsec
IKEv2-PLAT-2: (804): class attr set
IKEv2-PLAT-2: (804): tunnel protocol set to: 0x44
IKEv2-PLAT-2: (804): IPv4 filter ID not configured for connection
IKEv2-PLAT-2: (804): group lock set to: none
IKEv2-PLAT-2: (804): IPv6 filter ID not configured for connection
IKEv2-PLAT-2: (804): connection attribues set valid to TRUE
IKEv2-PLAT-2: (804): Successfully retrieved conn attrs
IKEv2-PLAT-2: (804): Session registration after conn attr retrieval PASSED, No error
IKEv2-PLAT-2: (804): connection auth hdl set to -1
IKEv2-PLAT-2: (804): Encrypt success status returned via ipc 1
IKEv2-PLAT-3: (804): SENT PKT [INFORMATIONAL] [103.xx.xx.xx]:500->[148.xx.xx.xx]:500 InitSPI=0x6b8abf186fdf7ba1 RespSPI=0xd0b47244cebc96ea MID=00000002


IKEv2 Recv RAW packet dump
6b 8a bf 18 6f df 7b a1 d0 b4 72 44 ce bc 96 ea | k...o.{...rD....
2e 20 25 20 00 00 00 02 00 00 00 4c 00 00 00 30 | . % .......L...0
9c c0 a9 da c8 3c d2 d2 79 9e 27 d8 77 1a a5 76 | .....<..y.'.w..v
cf e8 72 3a 3f 66 a1 f5 1c d4 a0 10 2a 37 24 76 | ..r:?f......*7$v
e8 11 67 9a 07 70 8e 7e cc 29 fd 2b | ..g..p.~.).+
IKEv2-PLAT-2: (804): Decrypt success status returned via ipc 1
IKEv2-PLAT-2: (804): IKEv2 session deregistered from session manager. Reason: 8
IKEv2-PLAT-2: (804): session manager killed ikev2 tunnel. Reason: Internal Error
IKEv2-PLAT-2: (804): PSH cleanup

 

3 Replies 3

Richard Bradfield
Frequent Contributor
Frequent Contributor

the tunnel came up when I did a

crypto map outside_map 15 set nat-t-disable

but still not passing traffic

 

Now passing traffic             so will close

diego_centeno
Beginner
Beginner

I am getting the same " Reason: Internal Error" but for Anyconnect towards Meraki firewall.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers