Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
796
Views
0
Helpful
0
Replies

vpn issue asa s2s

bluesea2010
Level 5
Level 5

‎08-25-2021 12:46 AM

Hi,

the VPN was running, reachability was there between both sites. 

local subnets  in the acl 

192.168.1.0/24           

192.168.3.0/24

remote subnets  in the acl 

192.168.2.0/24           

192.168.4.0/24

Suddenly from the remote site cannot reach local (not all ) 

for example  

192.168.4.0 can reach 192.168.1.0 but  3.0 can't 

 

Here is the debug  output  debug crypto platform 127

 

NT PKT [CREATE_CHILD_SA] [Localpeer]:500->[Remotepeer]:500 InitSPI=0xccbd78aa1266750f RespSPI=0xffb935a6e42bcbcb MID=00000d35
IKEv2-PLAT-3: RECV PKT [CREATE_CHILD_SA] [Remotepeer]:500->[Localpeer]:500 InitSPI=0xccbd78aa1266750f RespSPI=0xffb935a6e42bcbcb MID=00000d35
IKEv2-PLAT-5: Negotiating SA request deleted
IKEv2-PLAT-1: Failed to decrement count for incoming negotiating
IKEv2-PLAT-1: Failed to remove peer correlation entry from cikePeerCorrTable. Local Type = 0. Local Address = 0.0.0.0. Remote Type = 0. Remote Address = 0.0.0.0. Correlation Peer Index = 0. IPSEC Tunnel Index = 0.
IKEv2-PLAT-2: Received PFKEY delete SA for SPI 0x6761E89D error FALSE
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-5: Failed to obtain next entry for cikeTunnelTable. Index = 225120256.
IKEv2-PLAT-2: Received PFKEY Acquire SA for SPI 0x0, error FALSE
IKEv2-PLAT-5: INVALID PSH HANDLE
IKEv2-PLAT-2: attempting to find tunnel group for IP: Remotepeer
IKEv2-PLAT-2: mapped to tunnel group Remotepeer using peer IP
IKEv2-PLAT-5: INVALID PSH HANDLE
IKEv2-PLAT-2: my_auth_method = 2
IKEv2-PLAT-2: supported_peers_auth_method = 2
IKEv2-PLAT-2: P1 ID = 255
IKEv2-PLAT-5: INVALID PSH HANDLE
IKEv2-PLAT-5: INVALID PSH HANDLE
IKEv2-PLAT-2: Received PFKEY SPI callback for SPI 0xAC0B68BA, error FALSE
IKEv2-PLAT-2:
IKEv2 received all requested SPIs from CTM to initiate tunnel.
IKEv2-PLAT-5: INVALID PSH HANDLE
IKEv2-PLAT-5: INVALID PSH HANDLE
IKEv2-PLAT-2: tp_name set to:
IKEv2-PLAT-2: tg_name set to: Remotepeer
IKEv2-PLAT-2: tunn grp type set to: L2L
IKEv2-PLAT-2: (5597): PSH cleanup
IKEv2-PLAT-3: (787): SENT PKT [CREATE_CHILD_SA] [Localpeer]:500->[Remotepeer]:500 InitSPI=0xccbd78aa1266750f RespSPI=0xffb935a6e42bcbcb MID=00000d36
IKEv2-PLAT-3: RECV PKT [CREATE_CHILD_SA] [Remotepeer]:500->[Localpeer]:500 InitSPI=0xccbd78aa1266750f RespSPI=0xffb935a6e42bcbcb MID=00000d36
IKEv2-PLAT-5: Negotiating SA request deleted
IKEv2-PLAT-1: Failed to decrement count for incoming negotiating
IKEv2-PLAT-1: Failed to remove peer correlation entry from cikePeerCorrTable. Local Type = 0. Local Address = 0.0.0.0. Remote Type = 0. Remote Address = 0.0.0.0. Correlation Peer Index = 0. IPSEC Tunnel Index = 0.
IKEv2-PLAT-2: Received PFKEY delete SA for SPI 0xAC0B68BA error FALSE
IKEv2-PLAT-2: Received PFKEY DPD for SPI 0x9751D32D, error FALSE
IKEv2-PLAT-2: Received PFKEY DPD for SPI 0xADBDD12F, error FALSE
IKEv2-PLAT-2: Received PFKEY DPD for SPI 0x97123227, error FALSE
IKEv2-PLAT-2: Received PFKEY DPD for SPI 0x4BEBD8E0, error FALSE

IKEv2-PLAT-3: (787): SENT PKT [INFORMATIONAL] [Localpeer]:500->[Remotepeer]:500 InitSPI=0xccbd78aa1266750f RespSPI=0xffb935a6e42bcbcb MID=00000d37

IKEv2-PLAT-3: RECV PKT [INFORMATIONAL] [Remotepeer]:500->[Localpeer]:500 InitSPI=0xccbd78aa1266750f RespSPI=0xffb935a6e42bcbcb MID=00000d37

 

Thanks 

 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents