- Cisco Community
- Technology and Support
- Security
- VPN
- Re: VPN is not coming up between ASA and AWS
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2020 08:45 AM
I have a VPN between Cisco ASA and AWS and is not coming up. Seems like it stuck after 5th Main Mode message. Need some help to understand the VPN debug taken on ASA.
#####Below is the debugs::::
Sep 24 15:30:26 [IKEv1]IP = 34.240.63.7, IKE Initiator: New Phase 1, Intf inside, IKE Peer 34.240.63.7 local Proxy Address 0.0.0.0, remote Proxy Address 10.19.0.0, Crypto map (ohio-asa-dub-tgw)
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing ISAKMP SA payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver 02 payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver 03 payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver RFC payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing Fragmentation VID + extended capabilities payload
Sep 24 15:30:26 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 172
Sep 24 15:30:26 [IKEv1]IP = 34.240.63.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 160
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, processing SA payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Oakley proposal is acceptable
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Received xauth V6 VID
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Received DPD VID
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Received Fragmentation VID
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Received NAT-Traversal RFC VID
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing ke payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing nonce payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing Cisco Unity VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing xauth V6 VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Send IOS VID
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing VID payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Discovery payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Discovery payload
Sep 24 15:30:26 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:30:26 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Sep 24 15:30:27 [IKEv1]IP = 34.240.63.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, processing ke payload
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, processing ISA_KE payload
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, processing nonce payload
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, processing NAT-Discovery payload
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, processing NAT-Discovery payload
Sep 24 15:30:27 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:30:27 [IKEv1]IP = 34.240.63.7, Connection landed on tunnel_group 34.240.63.7
Sep 24 15:30:27 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, Generating keys for Initiator...
Sep 24 15:30:27 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing ID payload
Sep 24 15:30:27 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing hash payload
Sep 24 15:30:27 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, Computing hash for ISAKMP
Sep 24 15:30:27 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing dpd vid payload
Sep 24 15:30:27 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Sep 24 15:30:27 [IKEv1]Group = 34.240.63.7, IP = 34.240.63.7, Automatic NAT Detection Status: Remote end IS behind a NAT device This end IS behind a NAT device
Sep 24 15:30:27 [IKEv1]Group = 34.240.63.7, IP = 34.240.63.7, Floating NAT-T to port 4500
Sep 24 15:30:59 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, IKE MM Initiator FSM error history (struct &0x00007f11ed60c530) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_TIMEOUT-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_TIMEOUT
Sep 24 15:30:59 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, IKE SA MM:55ea9113 terminating: flags 0x01008022, refcnt 0, tuncnt 0
Sep 24 15:30:59 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, sending delete/delete with reason message
Sep 24 15:30:59 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing blank hash payload
Sep 24 15:30:59 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing IKE delete payload
Sep 24 15:30:59 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing qm hash payload
Sep 24 15:30:59 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=dc9ab14a) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Sep 24 15:31:36 [IKEv1]IP = 34.240.63.7, IKE Initiator: New Phase 1, Intf inside, IKE Peer 34.240.63.7 local Proxy Address 0.0.0.0, remote Proxy Address 10.19.0.0, Crypto map (ohio-asa-dub-tgw)
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing ISAKMP SA payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver 02 payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver 03 payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver RFC payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing Fragmentation VID + extended capabilities payload
Sep 24 15:31:36 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 172
Sep 24 15:31:36 [IKEv1]IP = 34.240.63.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 160
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, processing SA payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Oakley proposal is acceptable
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Received xauth V6 VID
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Received DPD VID
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Received Fragmentation VID
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Received NAT-Traversal RFC VID
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing ke payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing nonce payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing Cisco Unity VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing xauth V6 VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Send IOS VID
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing VID payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Discovery payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Discovery payload
Sep 24 15:31:36 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:31:36 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Sep 24 15:31:37 [IKEv1]IP = 34.240.63.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, processing ke payload
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, processing ISA_KE payload
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, processing nonce payload
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, processing NAT-Discovery payload
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, processing NAT-Discovery payload
Sep 24 15:31:37 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:31:37 [IKEv1]IP = 34.240.63.7, Connection landed on tunnel_group 34.240.63.7
Sep 24 15:31:37 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, Generating keys for Initiator...
Sep 24 15:31:37 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing ID payload
Sep 24 15:31:37 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing hash payload
Sep 24 15:31:37 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, Computing hash for ISAKMP
Sep 24 15:31:37 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing dpd vid payload
Sep 24 15:31:37 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Sep 24 15:31:37 [IKEv1]Group = 34.240.63.7, IP = 34.240.63.7, Automatic NAT Detection Status: Remote end IS behind a NAT device This end IS behind a NAT device
Sep 24 15:31:37 [IKEv1]Group = 34.240.63.7, IP = 34.240.63.7, Floating NAT-T to port 4500
Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, IKE MM Initiator FSM error history (struct &0x00007f11ed60c530) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_TIMEOUT-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_TIMEOUT
Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, IKE SA MM:80d23304 terminating: flags 0x01008022, refcnt 0, tuncnt 0
Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, sending delete/delete with reason message
Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing blank hash payload
Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing IKE delete payload
Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing qm hash payload
Sep 24 15:32:09 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=7f6a12e9) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, IKE Initiator: New Phase 1, Intf inside, IKE Peer 34.240.63.7 local Proxy Address 0.0.0.0, remote Proxy Address 10.19.0.0, Crypto map (ohio-asa-dub-tgw)
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing ISAKMP SA payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver 02 payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver 03 payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Traversal VID ver RFC payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing Fragmentation VID + extended capabilities payload
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 172
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 160
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing SA payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Oakley proposal is acceptable
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Received xauth V6 VID
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Received DPD VID
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Received Fragmentation VID
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Received NAT-Traversal RFC VID
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing ke payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing nonce payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing Cisco Unity VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing xauth V6 VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Send IOS VID
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing VID payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Discovery payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, constructing NAT-Discovery payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing ke payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing ISA_KE payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing nonce payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing NAT-Discovery payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, processing NAT-Discovery payload
Sep 24 15:32:47 [IKEv1 DEBUG]IP = 34.240.63.7, computing NAT Discovery hash
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, Connection landed on tunnel_group 34.240.63.7
Sep 24 15:32:47 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, Generating keys for Initiator...
Sep 24 15:32:47 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing ID payload
Sep 24 15:32:47 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing hash payload
Sep 24 15:32:47 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, Computing hash for ISAKMP
Sep 24 15:32:47 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, constructing dpd vid payload
Sep 24 15:32:47 [IKEv1]IP = 34.240.63.7, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Sep 24 15:32:47 [IKEv1]Group = 34.240.63.7, IP = 34.240.63.7, Automatic NAT Detection Status: Remote end IS behind a NAT device This end IS behind a NAT device
Sep 24 15:32:47 [IKEv1]Group = 34.240.63.7, IP = 34.240.63.7, Floating NAT-T to port 4500
Solved! Go to Solution.
- Labels:
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2020 09:03 AM - edited 09-24-2020 09:05 AM
High level Couple of suggestions.
1. compare the config both the sides (if possible post the config here)
2. Do you have opened port 4500 both the side ?
MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_TIMEOUT-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_TIMEOUT Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, IKE SA MM:80d23304 terminating: flags 0x01008022, refcnt 0, tuncnt 0
handshake tips :
https://www.tunnelsup.com/isakmp-ike-phase-1-status-messages/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2020 08:53 AM
MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6
Please can you check your Pre-Shared Key on both ends is correct.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2020 09:03 AM - edited 09-24-2020 09:05 AM
High level Couple of suggestions.
1. compare the config both the sides (if possible post the config here)
2. Do you have opened port 4500 both the side ?
MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_TIMEOUT-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_TIMEOUT Sep 24 15:32:09 [IKEv1 DEBUG]Group = 34.240.63.7, IP = 34.240.63.7, IKE SA MM:80d23304 terminating: flags 0x01008022, refcnt 0, tuncnt 0
handshake tips :
https://www.tunnelsup.com/isakmp-ike-phase-1-status-messages/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2020 06:30 AM
I was using the same PSK at both end. Still not sure why i was receiving the error. I re-created new VPN and it came up successfully.
Thank you for the help .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide