Problem VPN IPSEC ASA 5510

z.elguesmi
Level 1

Hello,

I have an IPsec VPN that was working fine, and during the night it went down. I didn't change anything, and neither did the other company.

After one day of checking I can't resolve this problem.

So I ask for your help; it's very urgent, all my data center is in production now.

You will find below the debug output when I try to connect with the VPN, and the configuration of the VPN tunnel:

where X.X.X.X is the public IP address of the other end and Y.Y.Y.Y is the address of the computer from which I try to connect

##########################################################################################################

ciscoasa# Sep 19 18:24:24 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:24 [IKEv1]: IP = X.X.X.X, IKE Initiator: New Phase 1, Intf test, IKE Peer X.X.X.X  local Proxy Address Y.Y.Y.Y, remote Proxy Address 192.168.140.41,  Crypto map (outside_map)

Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing ISAKMP SA payload

Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing NAT-Traversal VID ver 02 payload

Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing NAT-Traversal VID ver 03 payload

Sep 19 18:24:24 [IKEv1 DEBUG]: IP = X.X.X.X, constructing Fragmentation VID + extended capabilities payload

Sep 19 18:24:24 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 184

ISAKMP Header

  Initiator COOKIE: db 90 77 a7 5c 74 a2 cb

  Responder COOKIE: 00 00 00 00 00 00 00 00

  Next Payload: Security Association

  Version: 1.0

  Exchange Type: Identity Protection (Main Mode)

  Flags: (none)

  MessageID: 00000000

  Length: 184

  Payload Security Association

    Next Payload: Vendor ID

    Reserved: 00

    Payload Length: 92

    DOI: IPsec

    Situation:(SIT_IDENTITY_ONLY)

    Payload Proposal

      Next Payload: None

      Reserved: 00

      Payload Length: 80

      Proposal #: 1

      Protocol-Id: PROTO_ISAKMP

      SPI Size: 0

      # of transforms: 2

      Payload Transform

        Next Payload: Transform

        Reserved: 00

        Payload Length: 36

        Transform #: 1

        Transform-Id: KEY_IKE

        Reserved2: 0000

        Group Description: Group 2

        Encryption Algorithm: 3DES-CBC

        Hash Algorithm: MD5

        Authentication Method: Preshared key

        Life Type: seconds

        Life Duration (Hex): 00 01 51 80

      Payload Transform

        Next Payload: None

        Reserved: 00

        Payload Length: 36

        Transform #: 2

        Transform-Id: KEY_IKE

        Reserved2: 0000

        Group Description: Group 1

        Encryption Algorithm: 3DES-CBC

        Hash Algorithm: MD5

        Authentication Method: Preshared key

        Life Type: seconds

        Life Duration (Hex): 00 01 51 80

  Payload Vendor ID

    Next Payload: Vendor ID

    Reserved: 00

    Payload Length: 20

    Data (In Hex):

      90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f

  Payload Vendor ID

    Next Payload: Vendor ID

    Reserved: 00

    Payload Length: 20

    Data (In Hex):

      7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56

  Payload Vendor ID

    Next Payload: None

    Reserved: 00

    Payload Length: 24

    Data (In Hex):

      40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3

      c0 00 00 00

Sep 19 18:24:25 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:25 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:26 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:26 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:27 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:27 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:28 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:28 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:29 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:29 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:30 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:30 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:31 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:31 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:32 [IKEv1]: IP = X.X.X.X, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 184

ISAKMP Header

  Initiator COOKIE: db 90 77 a7 5c 74 a2 cb

  Responder COOKIE: 00 00 00 00 00 00 00 00

  Next Payload: Security Association

  Version: 1.0

  Exchange Type: Identity Protection (Main Mode)

  Flags: (none)

  MessageID: 00000000

  Length: 184

  Payload Security Association

    Next Payload: Vendor ID

    Reserved: 00

    Payload Length: 92

    DOI: IPsec

    Situation:(SIT_IDENTITY_ONLY)

    Payload Proposal

      Next Payload: None

      Reserved: 00

      Payload Length: 80

      Proposal #: 1

      Protocol-Id: PROTO_ISAKMP

      SPI Size: 0

      # of transforms: 2

      Payload Transform

        Next Payload: Transform

        Reserved: 00

        Payload Length: 36

        Transform #: 1

        Transform-Id: KEY_IKE

        Reserved2: 0000

        Group Description: Group 2

        Encryption Algorithm: 3DES-CBC

        Hash Algorithm: MD5

        Authentication Method: Preshared key

        Life Type: seconds

        Life Duration (Hex): 00 01 51 80

      Payload Transform

        Next Payload: None

        Reserved: 00

        Payload Length: 36

        Transform #: 2

        Transform-Id: KEY_IKE

        Reserved2: 0000

        Group Description: Group 1

        Encryption Algorithm: 3DES-CBC

        Hash Algorithm: MD5

        Authentication Method: Preshared key

        Life Type: seconds

        Life Duration (Hex): 00 01 51 80

  Payload Vendor ID

    Next Payload: Vendor ID

    Reserved: 00

    Payload Length: 20

    Data (In Hex):

      90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f

  Payload Vendor ID

    Next Payload: Vendor ID

    Reserved: 00

    Payload Length: 20

    Data (In Hex):

      7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56

  Payload Vendor ID

    Next Payload: None

    Reserved: 00

    Payload Length: 24

    Data (In Hex):

      40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3

      c0 00 00 00

Sep 19 18:24:32 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:32 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:33 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:33 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

debug crypto isakmp 25Sep 19 18:24:34 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:34 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:35 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:35 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:36 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:36 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

noSep 19 18:24:37 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:37 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

Sep 19 18:24:38 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Sep 19 18:24:38 [IKEv1]: IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

ciscoasa#

####################################################################################################################
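
One way to read the debug output posted above, as an added example that is not part of the original post: this Python sketch counts the Phase 1 messages sent, resent and received, checks whether a responder cookie ever appears, and decodes the offered transforms and lifetime. The function name `summarize`, the `IKE_DECODE RECEIVED` line format and the abridged sample are assumptions made for the example.

```python
import re

# Abridged excerpt of the debug output in the post (peer address masked as posted).
SAMPLE = """\
Sep 19 18:24:24 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1)
  Responder COOKIE: 00 00 00 00 00 00 00 00
        Group Description: Group 2
        Encryption Algorithm: 3DES-CBC
        Hash Algorithm: MD5
        Life Duration (Hex): 00 01 51 80
        Group Description: Group 1
        Encryption Algorithm: 3DES-CBC
        Hash Algorithm: MD5
        Life Duration (Hex): 00 01 51 80
Sep 19 18:24:32 [IKEv1]: IP = X.X.X.X, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1)
  Responder COOKIE: 00 00 00 00 00 00 00 00
"""

# RECEIVED does not occur in the posted log; its line format is assumed here.
MSG = re.compile(r"IKE_DECODE (SENDING|RESENDING|RECEIVED) Message")
FIELD = re.compile(r"^\s*(Responder COOKIE|Group Description|Encryption Algorithm|"
                   r"Hash Algorithm|Life Duration \(Hex\)):\s*(.+?)\s*$")
KEYS = {"SENDING": "sent", "RESENDING": "resent", "RECEIVED": "received"}

def summarize(log):
    """Summarize IKEv1 Phase 1 progress from ASA 'debug crypto isakmp' text."""
    out = {"sent": 0, "resent": 0, "received": 0, "responder_seen": False,
           "offers": [], "lifetimes_s": set()}
    direction, offer = None, {}
    for line in log.splitlines():
        m = MSG.search(line)
        if m:
            direction = m.group(1)
            out[KEYS[direction]] += 1
            continue
        f = FIELD.match(line)
        if not f:
            continue
        name, value = f.groups()
        if name == "Responder COOKIE":
            # An all-zero responder cookie means the peer has not answered yet.
            out["responder_seen"] |= (set(value.split()) != {"00"})
        elif name == "Life Duration (Hex)":
            out["lifetimes_s"].add(int(value.replace(" ", ""), 16))
            if direction == "SENDING":          # count each offered transform once
                out["offers"].append(offer)
            offer = {}
        else:
            offer[name] = value
    out["phase1_unanswered"] = (out["sent"] > 0 and out["received"] == 0
                                and not out["responder_seen"])
    return out
```

On the excerpt, the summary shows one first message, one retransmission, nothing received and a responder cookie that stays zero, so the exchange never gets past the first Main Mode message.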

1 Reply

z.elguesmi
Level 1

Here is the tunnel configuration.

thx