09-19-2013 10:45 AM - edited 02-21-2020 07:10 PM
Hello,
I have an IPsec VPN that was working fine, and during the night it went down. I didn't change anything, and neither did the other company.
After one day of checking I can't resolve this problem,
so I ask for your help. It's very urgent; all my data center is in production now.
You will find below the debug output when I try to connect with the VPN, and the configuration of the VPN tunnel,
where X.X.X.X is the public IP address of the other end and Y.Y.Y.Y is the address of the computer where I try to connect.
##########################################################################################################
ciscoasa# Sep 19 18:24:24 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:24 [IKEv1]: IP = X.X.X.X, IKE Initiator: New Phase 1, Intf test, IKE Peer X.X.X.X local Proxy Address Y.Y.Y.Y, remote Proxy Address 192.168.140.41, Crypto map (outside_map)
Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing ISAKMP SA payload
Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing NAT-Traversal VID ver 02 payload
Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing NAT-Traversal VID ver 03 payload
Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing Fragmentation VID + extended capabilities payload
Sep 19 18:24:24 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 184
ISAKMP Header
Initiator COOKIE: db 90 77 a7 5c 74 a2 cb
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 184
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 92
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 80
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 2
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 01 51 80
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 2
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 1
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 01 51 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
Sep 19 18:24:25 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:25 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:26 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:26 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:27 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:27 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:28 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:28 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:29 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:29 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:30 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:30 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:31 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:31 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:32 [IKEv1]: IP = X.X.X.X, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 184
ISAKMP Header
Initiator COOKIE: db 90 77 a7 5c 74 a2 cb
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 184
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 92
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 80
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 2
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 01 51 80
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 2
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 1
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 01 51 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
Sep 19 18:24:32 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:32 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:33 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:33 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
debug crypto isakmp 25Sep 19 18:24:34 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:34 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:35 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:35 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:36 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:36 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
noSep 19 18:24:37 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:37 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Sep 19 18:24:38 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Sep 19 18:24:38 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
ciscoasa#
####################################################################################################################
09-19-2013 10:51 AM
Here is the tunnel configuration.
thx