cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1813
Views
0
Helpful
1
Replies
Highlighted
Beginner

Unable to establish VPN connection

Hi,

I have these errors messages found in  the ASA box. What does it mean and how to go about to troubleshoot it.

%ASA-7-713906: IP = x.x.x.x, Trying to find group via cert rules...

%ASA-7-713906: IP = x.x.x.x, Connection landed on tunnel_group TEST

%ASA-7-715063: Group = TEST, IP = x.x.x.x, Successfully assembled an encrypted pkt from rcv'd fragments!

%ASA-5-713201: Group = TEST, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.

%ASA-6-713905: Group = TEST, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM

%ASA-7-715063: Group = TEST, IP = x.x.x.x, Successfully assembled an encrypted pkt from rcv'd fragments!

%ASA-5-713201: Group = TEST, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.

%ASA-6-713905: Group = TEST, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM

%ASA-5-713904: Group = TEST, IP = x.x.x.x, Certificate Validation Failed %ASA-7-713906: IP = x.x.x.x, Trying to find group via cert rules...
%ASA-7-713906: IP = x.x.x.x, Connection landed on tunnel_group TEST
%ASA-7-715063: Group = TEST, IP = x.x.x.x, Successfully assembled an encrypted pkt from rcv'd fragments!
%ASA-5-713201: Group = TEST, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
%ASA-6-713905: Group = TEST, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM
%ASA-7-715063: Group = TEST, IP = x.x.x.x, Successfully assembled an encrypted pkt from rcv'd fragments!
%ASA-5-713201: Group = TEST, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
%ASA-6-713905: Group = TEST, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM
%ASA-5-713904: Group = TEST, IP = x.x.x.x, Certificate Validation Failed

Thank a lot

1 REPLY 1
Highlighted
Cisco Employee

It seems that the certificate validation has failed.

I would try to use pre-shared key first as the authentication instead of certificate, and ensuring that VPN Client connects successfully, and once using pre-shared key is successful, then you can move to use certificate and focusing on troubleshooting the certificate if VPN connection fails.