cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
256
Views
5
Helpful
1
Replies
carl_townshend
Frequent Contributor

Vpn phase 1 mismatch but phase 1 completes

Hi all

we are getting the below errors on our asa when building a vpn to another asa, the error comes but then phase 1 is completed.

why is is showing the below? Is it just

part of the negotiation?

 

Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

1 ACCEPTED SOLUTION

Accepted Solutions
Rob Ingram
VIP Mentor

Hi,
The ASA will be configured with multiple IKEv1/ISAKMP policies. During phase 1 the ASA will send all configured policies to the remote peer, which will attempt to match against it's local policies until a match is found.

Therefore it would be expected to see some policies atttributes not being matched. The rest of the debug would confirm that attributes were matched and the IKEv1/ISAMP SA established, which you've confirmed has happened.

HTH

View solution in original post

1 REPLY 1
Rob Ingram
VIP Mentor

Hi,
The ASA will be configured with multiple IKEv1/ISAKMP policies. During phase 1 the ASA will send all configured policies to the remote peer, which will attempt to match against it's local policies until a match is found.

Therefore it would be expected to see some policies atttributes not being matched. The rest of the debug would confirm that attributes were matched and the IKEv1/ISAMP SA established, which you've confirmed has happened.

HTH

View solution in original post

Content for Community-Ad