03-01-2020 10:46 PM
Below is the debug I am getting on the ASA, I find Meraki support not very helpful
Passes phase 1 but get a disconnect from the Meraki when doing phase 2
anybody help
IKEv2-PLAT-2: (804): Site to Site connection detected
IKEv2-PLAT-2: (804): P1 ID = 255
IKEv2-PLAT-2: (804): Completed authentication for connection
IKEv2-PLAT-2: (804): connection auth hdl set to 1674
IKEv2-PLAT-2: (804): AAA conn attribute retrieval successfully queued for register session request.
IKEv2-PLAT-2: (804): idle timeout set to: 30
IKEv2-PLAT-2: (804): session timeout set to: 0
IKEv2-PLAT-2: (804): group policy set to L2L-Ipsec
IKEv2-PLAT-2: (804): class attr set
IKEv2-PLAT-2: (804): tunnel protocol set to: 0x44
IKEv2-PLAT-2: (804): IPv4 filter ID not configured for connection
IKEv2-PLAT-2: (804): group lock set to: none
IKEv2-PLAT-2: (804): IPv6 filter ID not configured for connection
IKEv2-PLAT-2: (804): connection attribues set valid to TRUE
IKEv2-PLAT-2: (804): Successfully retrieved conn attrs
IKEv2-PLAT-2: (804): Session registration after conn attr retrieval PASSED, No error
IKEv2-PLAT-2: (804): connection auth hdl set to -1
IKEv2-PLAT-2: (804): Encrypt success status returned via ipc 1
IKEv2-PLAT-3: (804): SENT PKT [INFORMATIONAL] [103.xx.xx.xx]:500->[148.xx.xx.xx]:500 InitSPI=0x6b8abf186fdf7ba1 RespSPI=0xd0b47244cebc96ea MID=00000002
IKEv2 Recv RAW packet dump
6b 8a bf 18 6f df 7b a1 d0 b4 72 44 ce bc 96 ea | k...o.{...rD....
2e 20 25 20 00 00 00 02 00 00 00 4c 00 00 00 30 | . % .......L...0
9c c0 a9 da c8 3c d2 d2 79 9e 27 d8 77 1a a5 76 | .....<..y.'.w..v
cf e8 72 3a 3f 66 a1 f5 1c d4 a0 10 2a 37 24 76 | ..r:?f......*7$v
e8 11 67 9a 07 70 8e 7e cc 29 fd 2b | ..g..p.~.).+
IKEv2-PLAT-2: (804): Decrypt success status returned via ipc 1
IKEv2-PLAT-2: (804): IKEv2 session deregistered from session manager. Reason: 8
IKEv2-PLAT-2: (804): session manager killed ikev2 tunnel. Reason: Internal Error
IKEv2-PLAT-2: (804): PSH cleanup
03-01-2020 11:58 PM
the tunnel came up when I did a
crypto map outside_map 15 set nat-t-disable
but still not passing traffic
03-02-2020 01:45 AM
Now passing traffic so will close
11-11-2022 03:39 AM
I am getting the same " Reason: Internal Error" but for Anyconnect towards Meraki firewall.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: