Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
0
Helpful
2
Replies

Remote Access VPN - Phase-1

Abdul Azeem
Level 1
Level 1

‎10-08-2013 05:11 AM - edited ‎02-21-2020 07:12 PM

  Hi all,

  i have configure the remote access vpn on my ASA 5505 but when i am trying to connect with vpn client it is giving me the following errors.

please find below the logs generated from debug cry isa  and deb cry ips.

The connectivity is in this way mobily modem ---> firewall ---> router ---> switch ---> users

ToysRus(config)# Oct 07 21:27:25 [IKEv1]: IP = 79.170.55.243, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 858
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing SA payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing ke payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing ISA_KE payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing nonce payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing ID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, Received xauth V6 VID
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, Received DPD VID
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, Received Fragmentation VID
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, Received NAT-Traversal ver 02 VID
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, processing VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: IP = 79.170.55.243, Received Cisco Unity client VID
Oct 07 21:27:25 [IKEv1]: IP = 79.170.55.243, Connection landed on tunnel_group toysrus-mobily
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, processing IKE SA payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing ISAKMP SA payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing ke payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing nonce payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, Generating keys for Responder...
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing ID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing hash payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, Computing hash for ISAKMP
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing Cisco Unity VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing xauth V6 VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing dpd vid payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing NAT-Traversal VID ver 02 payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing NAT-Discovery payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, computing NAT Discovery hash
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing NAT-Discovery payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, computing NAT Discovery hash
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing Fragmentation VID + extended capabilities payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing VID payload
Oct 07 21:27:25 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Oct 07 21:27:25 [IKEv1]: IP = 79.170.55.243, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
Oct 07 21:27:31 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Oct 07 21:27:31 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, P1 Retransmit msg dispatched to AM FSM
Oct 07 21:27:35 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Oct 07 21:27:35 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, P1 Retransmit msg dispatched to AM FSM
Oct 07 21:27:41 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Oct 07 21:27:41 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, P1 Retransmit msg dispatched to AM FSM
Oct 07 21:27:49 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, IKE AM Responder FSM error history (struct &0x41f2598)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_WAIT_MSG3, EV_PROB_AUTH_FAIL-->AM_WAIT_MSG3, EV_TIMEOUT-->AM_WAIT_MSG3, NullEvent-->AM_SND_MSG2, EV_CRYPTO_ACTIVE-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_SND_MSG2, EV_RESEND_MSG
Oct 07 21:27:49 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, IKE SA AM:dd5661f0 terminating:  flags 0x0104c001, refcnt 0, tuncnt 0
Oct 07 21:27:49 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, sending delete/delete with reason message
Oct 07 21:27:49 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing blank hash payload
Oct 07 21:27:49 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing IKE delete payload
Oct 07 21:27:49 [IKEv1 DEBUG]: Group = toysrus-mobily, IP = 79.170.55.243, constructing qm hash payload
Oct 07 21:27:49 [IKEv1]: IP = 79.170.55.243, IKE_DECODE SENDING Message (msgid=6a1f1842) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Oct 07 21:27:49 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, Removing peer from peer table failed, no match!
Oct 07 21:27:49 [IKEv1]: Group = toysrus-mobily, IP = 79.170.55.243, Error: Unable to remove PeerTblEntry

        Any response will be highly appreciated. I am stuck here.

Labels:
0 Helpful
2 Replies 2

Markus Thun
Level 1
Level 1

‎10-08-2013 05:18 AM

Look at this link: http://it-certification-network.blogspot.de/2008/11/tunnel-is-not-established-phase-i.html

i hope it is helpful.

Greets

Markus

0 Helpful

rizwanr74
Level 7
Level 7

‎10-08-2013 07:15 AM

Dear Abdul,

Please post your running config, so that it is much easy to diagnose the problem, don't forget to remove security stuff such as password or username from the config

thanks

Rizwan Rafeek.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents