
Phase 2 type code table needed

r.spiandorello
Level 1

Hi, we have the following error with an L2L tunnel between ASA 5540 ver 8.0(3) and a Sonicwall:

<163>%ASA-3-713016: Group = x.y.z.w, IP = x.y.z.w, Unknown identification type, Phase 2, Type 7

What does it mean?

Do you have a phase 2 type code table?

Thanks

6 Replies

dsweeny
Level 3

VPN tunnel between ASA and Sonicwall is failing in phase II. The logs indicate that the crypto ACL is not matching, hence the tunnel is failing. Unknown identification type, Phase 2, Type 7

Hi dsweeny, I had the same issue as the poster of the thread, and your suggestion resolved my issues. Thank you very much.

apdatasoft
Level 1

Hi,

Have you resolved the issue? If so, please let me know the solution, since I have the same problem when I do a Site-2-Site VPN tunnel between Sonicwall and ASA 5520 ver 8.0(4).

Thanks in advance

Patrick0711
Level 3

RFC 2407:

       ID Type                   Value
       -------                   -----
       RESERVED                  0
       ID_IPV4_ADDR              1
       ID_FQDN                   2
       ID_USER_FQDN              3
       ID_IPV4_ADDR_SUBNET       4
       ID_IPV6_ADDR              5
       ID_IPV6_ADDR_SUBNET       6
       ID_IPV4_ADDR_RANGE        7
       ID_IPV6_ADDR_RANGE        8
       ID_DER_ASN1_DN            9
       ID_DER_ASN1_GN            10
       ID_KEY_ID                 11

http://www.ietf.org/rfc/rfc2407.txt

ASA will only support ID_IPV4_ADDR and ID_IPV4_ADDR_SUBNET when you're specifying proxy ID information AFAIK

Whenever you are peering between multiple vendors, make sure you set the proxy-id in the remote non-Cisco vendor. Faced this issue a couple of times.

I got this problem too. We have an ASA 5580 - 8.2 that is used with VPN.

Our ASA --> Sonic Wall => Phase 1 and 2 are ok.

Sonic Wall --> Our ASA ==> Phase 1 ok and Phase 2 shows the same message.

So I asked the SonicWall admin to check if they are sending the correct Local and Remote Address.

Maybe it's the Remote Address on their side, because we have two hosts on our local network and the ID is showing that they are sending an IP range instead of 2 hosts (or two ip/32).

If that doesn't solve it, the next try will be the proxy-id.
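Added example, not part of any post in this thread: a Python sketch that decodes the 713016 message using the RFC 2407 table quoted above and re-expresses an IPv4 range as the host and subnet proxy IDs the earlier reply says the ASA accepts. The function names, the `192.0.2.10` peer and the `10.1.1.x` addresses are constructed for illustration, and the accepted-type set rests on that reply's "AFAIK".

```python
import ipaddress
import re

# ID type values from the RFC 2407 table quoted in the thread.
ID_TYPES = {
    0: "RESERVED", 1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
    4: "ID_IPV4_ADDR_SUBNET", 5: "ID_IPV6_ADDR", 6: "ID_IPV6_ADDR_SUBNET",
    7: "ID_IPV4_ADDR_RANGE", 8: "ID_IPV6_ADDR_RANGE", 9: "ID_DER_ASN1_DN",
    10: "ID_DER_ASN1_GN", 11: "ID_KEY_ID",
}
# Assumption taken from the reply above ("AFAIK"): only these work as proxy IDs.
ASA_PROXY_ID_TYPES = {1, 4}

LOG_RE = re.compile(
    r"%ASA-3-713016: Group = (?P<group>\S+), IP = (?P<ip>\S+), "
    r"Unknown identification type, Phase (?P<phase>\d+), Type (?P<type>\d+)"
)

def decode_713016(line):
    """Return peer, phase, ID type name and whether the thread lists it as accepted."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    code = int(m.group("type"))
    return {
        "peer": m.group("ip"),
        "phase": int(m.group("phase")),
        "type": code,
        "name": ID_TYPES.get(code, "UNASSIGNED"),
        "asa_accepts": code in ASA_PROXY_ID_TYPES,
    }

def proxy_ids_for_range(first, last):
    """Re-express an IPv4 range as host/subnet proxy IDs (types 1 and 4 only)."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [("ID_IPV4_ADDR" if n.prefixlen == 32 else "ID_IPV4_ADDR_SUBNET", str(n))
            for n in nets]

if __name__ == "__main__":
    # Constructed sample: the log line from the thread with a documentation-range peer.
    sample = ("<163>%ASA-3-713016: Group = 192.0.2.10, IP = 192.0.2.10, "
              "Unknown identification type, Phase 2, Type 7")
    print(decode_713016(sample))
    # Constructed case: two adjacent hosts configured on the peer as one range.
    print(proxy_ids_for_range("10.1.1.5", "10.1.1.6"))
```

The second call shows why two adjacent hosts entered as a range on the peer arrive as Type 7: the range 10.1.1.5 to 10.1.1.6 does not fall on a subnet boundary, so it only maps to two /32 entries.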