09-02-2015 02:28 AM
Hello,
I'm asking for your help with a problem I have been struggling with for about two days.
Background information:
- ASA5505 (ASDM5.2)
- Router RV180W
- VPN Site To Site
Problem:
I tried to configure the VPN again but I always get the same errors. I tested many solutions found on the internet but they don't work.
Has anyone experienced this kind of problem? I'm running out of ideas!!!
Thanks in advance for your help
Configuration VPN on RV180W
(File attachment)
Logging ASA
7|Sep 02 2015|09:24:14|715077|||Pitcher: received a key acquire message, spi 0x0
7|Sep 02 2015|09:24:13|713236|||IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 68
4|Sep 02 2015|09:24:13|713903|||IP = ***.***.***.**4, Header invalid, missing SA payload! (next payload = 4)
6|Sep 02 2015|09:24:13|302016|81.255.34.117|SRV_ERP|Teardown UDP connection 7023 for outside:81.255.34.117/8137 to inside:SRV_ERP/20957 duration 0:02:01 bytes 252
7|Sep 02 2015|09:24:12|713236|||IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 68
4|Sep 02 2015|09:24:12|713903|||IP = ***.***.***.**4, Header invalid, missing SA payload! (next payload = 4)
7|Sep 02 2015|09:24:12|713236|||IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 68
4|Sep 02 2015|09:24:12|713903|||IP = ***.***.***.**4, Header invalid, missing SA payload! (next payload = 4)
4|Sep 02 2015|09:24:08|713903|||Group = ***.***.***.**4, IP = ***.***.***.**4, Error: Unable to remove PeerTblEntry
3|Sep 02 2015|09:24:08|713902|||Group = ***.***.***.**4, IP = ***.***.***.**4, Removing peer from peer table failed, no match!
7|Sep 02 2015|09:24:08|713906|||Group = ***.***.***.**4, IP = ***.***.***.**4, sending delete/delete with reason message
7|Sep 02 2015|09:24:08|713906|||Group = ***.***.***.**4, IP = ***.***.***.**4, IKE SA MM:7145c26f terminating: flags 0x01000022, refcnt 0, tuncnt 0
7|Sep 02 2015|09:24:08|715065|||Group = ***.***.***.**4, IP = ***.***.***.**4, IKE MM Initiator FSM error history (struct &0x41da7a0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
4|Sep 02 2015|09:24:08|713903|||Group = ***.***.***.**4, IP = ***.***.***.**4, Can't find a valid tunnel group, aborting...!
7|Sep 02 2015|09:24:08|713906|||IP = ***.***.***.**4, computing NAT Discovery hash
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing NAT-Discovery payload
7|Sep 02 2015|09:24:08|713906|||IP = ***.***.***.**4, computing NAT Discovery hash
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing NAT-Discovery payload
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing VID payload
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing nonce payload
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing ISA_KE payload
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing ke payload
7|Sep 02 2015|09:24:08|713236|||IP = ***.***.***.**4, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 248
7|Sep 02 2015|09:24:08|713236|||IP = ***.***.***.**4, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 304
7|Sep 02 2015|09:24:08|713906|||IP = ***.***.***.**4, computing NAT Discovery hash
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing NAT-Discovery payload
7|Sep 02 2015|09:24:08|713906|||IP = ***.***.***.**4, computing NAT Discovery hash
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing NAT-Discovery payload
7|Sep 02 2015|09:24:08|715048|||IP = ***.***.***.**4, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing VID payload
7|Sep 02 2015|09:24:08|715038|||IP = ***.***.***.**4, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
7|Sep 02 2015|09:24:08|715048|||IP = ***.***.***.**4, Send IOS VID
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing xauth V6 VID payload
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing Cisco Unity VID payload
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing nonce payload
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing ke payload
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing VID payload
7|Sep 02 2015|09:24:08|715049|||IP = ***.***.***.**4, Received DPD VID
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing VID payload
7|Sep 02 2015|09:24:08|715049|||IP = ***.***.***.**4, Received NAT-Traversal ver 02 VID
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing VID payload
7|Sep 02 2015|09:24:08|713906|||IP = ***.***.***.**4, Oakley proposal is acceptable
7|Sep 02 2015|09:24:08|715047|||IP = ***.***.***.**4, processing SA payload
7|Sep 02 2015|09:24:08|713236|||IP = ***.***.***.**4, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 144
7|Sep 02 2015|09:24:08|713236|||IP = ***.***.***.**4, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 188
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing Fragmentation VID + extended capabilities payload
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing NAT-Traversal VID ver 03 payload
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing NAT-Traversal VID ver 02 payload
7|Sep 02 2015|09:24:08|715046|||IP = ***.***.***.**4, constructing ISAKMP SA payload
5|Sep 02 2015|09:24:08|713041|||IP = ***.***.***.**4, IKE Initiator: New Phase 1, Intf inside, IKE Peer ***.***.***.**4 local Proxy Address 192.168.0.0, remote Proxy Address 192.168.1.0, Crypto map (outside_map)
7|Sep 02 2015|09:24:08|715077|||Pitcher: received a key acquire message, spi 0x0
7|Sep 02 2015|09:24:06|713236|||IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + NOTIFY (11) + NONE (0) total length : 68
4|Sep 02 2015|09:24:06|713903|||IP = ***.***.***.**4, Header invalid, missing SA payload! (next payload = 4)
Configuration ASA :
hostname *******
domain-name ******
enable password ********* encrypted
passwd ********* encrypted
names
name ***.***.***.*** LAN_CA
name ***.***.***.*** LAN_EY
name ***.***.***.*** SR
name ***.***.***.*** LAN_N
name ***.***.***.*** WAN
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.100 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group ****
 ip address pppoe
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
no ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name ....
access-list AS_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any LAN_CA 255.255.255.0
access-list inside_nat0_outbound extended permit ip LAN_CA 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip LAN_N 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip any LAN_N 255.255.255.0
access-list inside_nat0_outbound extended permit ip LAN_EY 255.255.255.0 LAN_CA 255.255.255.0
access-list outside_1_cryptomap extended permit ip LAN_EY 255.255.255.0 LAN_CA 255.255.255.0
access-list outside_2_cryptomap extended permit ip LAN_EY 255.255.255.0 LAN_CA 255.255.255.0
access-list N_splitTunnelAcl standard permit LAN_EY 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip LAN_EY 255.255.255.0 LAN_CA 255.255.255.0
pager lines 24
logging enable
logging list VPN level critical class vpn
logging asdm debugging
logging class vpn asdm emergencies
mtu inside 1500
mtu outside 1472
ip local pool VPN_N 192.168.4.2-192.168.4.10 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 LAN_EYSINES 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ***.***.***.*** 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http ***.***.***.*** 255.255.255.255 outside
http LAN_EY 255.255.255.0 inside
http LAN_CA 255.255.255.0 inside
http ***.***.***.*** 255.255.255.255 outside
http ***.***.***.*** 255.255.255.255 outside
http ***.***.***.*** 255.255.255.255 outside
http LAN_N 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap_1
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer ***.***.***.***
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000
telnet timeout 5
ssh ***.***.***.*** 255.255.255.255 outside
ssh timeout 5
ssh version 2
console timeout 0
vpdn group **** request dialout pppoe
vpdn group **** localname ***/*****
vpdn group **** ppp authentication pap
vpdn username ***/***** password *********
dhcpd dns ***.***.***.*** ***.***.***.***
dhcpd auto_config outside
!
dhcpd address 192.168.0.240-192.168.0.250 inside
dhcpd dns 192.168.0.110 80.10.246.136 interface inside
!
group-policy Nomades internal
group-policy Nomades attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value N_splitTunnelAcl
group-policy VPN_EXT internal
group-policy VPN_EXT attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value AS_splitTunnelAcl
username ****** password ******* encrypted privilege 0
username eraymond attributes
 vpn-group-policy Nomades
username ******** password *********. encrypted privilege 15
username ******* attributes
 vpn-group-policy Nomades
username ******* password ******* encrypted privilege 0
username ******** attributes
 vpn-group-policy Nomades
tunnel-group VPN_EXT type ipsec-ra
tunnel-group VPN_EXT general-attributes
 address-pool VPN_NOMADES
 default-group-policy VPN_EXT
tunnel-group VPN_EXT ipsec-attributes
 pre-shared-key *
tunnel-group VPN_CAS type ipsec-l2l
tunnel-group VPN_CAS ipsec-attributes
 pre-shared-key *
tunnel-group Nomades type ipsec-ra
tunnel-group Nomades general-attributes
 address-pool VPN_NOMADES
 default-group-policy Nomades
tunnel-group Nomades ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
09-07-2015 02:45 PM
You have obscured so much of the information in the ASA config that it is impossible to determine if it is correct or not. And the amount of obscured information in the log output makes it difficult to interpret. One thing that does stand out in the log output is this message
4|Sep 02 2015|09:24:08|713903|||Group = ***.***.***.**4, IP = ***.***.***.**4, Can't find a valid tunnel group, aborting...!
which suggests that your tunnel group configuration is not correct.
HTH
Rick
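Added example, not part of the original thread: a small triage script for the pipe-delimited ASDM log format posted above. It puts the newest-first export into chronological order and reports the first warning-or-worse event after each "New Phase 1" (message 713041), which separates the initial failure from the cleanup errors that follow it. The sample lines are constructed, 203.0.113.4 is a placeholder peer address, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the ASDM export layout from the thread
# (severity|date|time|message-id|src|dst|text), newest entry first.
SAMPLE = """\
4|Sep 02 2015|09:24:12|713903|||IP = 203.0.113.4, Header invalid, missing SA payload! (next payload = 4)
4|Sep 02 2015|09:24:08|713903|||Group = 203.0.113.4, IP = 203.0.113.4, Error: Unable to remove PeerTblEntry
3|Sep 02 2015|09:24:08|713902|||Group = 203.0.113.4, IP = 203.0.113.4, Removing peer from peer table failed, no match!
4|Sep 02 2015|09:24:08|713903|||Group = 203.0.113.4, IP = 203.0.113.4, Can't find a valid tunnel group, aborting...!
7|Sep 02 2015|09:24:08|713906|||IP = 203.0.113.4, Oakley proposal is acceptable
5|Sep 02 2015|09:24:08|713041|||IP = 203.0.113.4, IKE Initiator: New Phase 1, Intf inside, IKE Peer 203.0.113.4
4|Sep 02 2015|09:24:06|713903|||IP = 203.0.113.4, Header invalid, missing SA payload! (next payload = 4)
"""

def parse(text):
    """Parse ASDM log lines and return events oldest-first."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 6)
        if len(parts) != 7 or not parts[0].isdigit():
            continue  # skip wrapped or truncated lines
        sev, date, time, msgid, _src, _dst, msg = parts
        peer = re.search(r"IP = ([^,\s]+)", msg)
        events.append({
            "sev": int(sev),
            "ts": datetime.strptime(f"{date} {time}", "%b %d %Y %H:%M:%S"),
            "id": msgid,
            "peer": peer.group(1) if peer else None,
            "msg": msg.strip(),
        })
    events.reverse()                      # export is newest-first
    events.sort(key=lambda e: e["ts"])    # stable: keeps order within one second
    return events

def first_failures(events, max_sev=4):
    """For each Phase 1 start (713041), return the first event at
    severity <= max_sev (warning or worse) seen for the same peer."""
    found, open_attempts = [], set()
    for ev in events:
        if ev["id"] == "713041":
            open_attempts.add(ev["peer"])
        elif ev["sev"] <= max_sev and ev["peer"] in open_attempts:
            open_attempts.discard(ev["peer"])
            found.append(ev)
    return found

if __name__ == "__main__":
    for ev in first_failures(parse(SAMPLE)):
        print(ev["ts"], ev["id"], ev["peer"], ev["msg"])
```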