vpn tunnel failed after changing ISP - no outgoing traffic

paulnigel · ‎02-27-2007

Hi forum,

Sorry, I am trying hard on this problem. initially my ASA firewall can ping the destination ASA firewall public IP. But after changing the ISP, by adding another router in front, I can't ping the remote ASA IP address, I am not sure this is the cause of my VPN tunnel to fail. but Internet access has no problem.

I really appreciate if anyone can help.

Thank you,

paul

---------------------------------.

Following are some errors captured:

Message #92 : Feb 06 00:48:54 [IKEv1]Message #93 : : IP = 2.2.2.2, Removing peer from peer table failed, no match!

Message #94 : Feb 06 00:48:54 [IKEv1]Message #95 : : IP = 2.2.2.2, Error: Unable to remove PeerTblEntry

Message #96 : Feb 06 11:39:40 [IKEv1]Message #97 : : Group = 2.2.2.2, IP = 2.2.2.2, Removing peer from peer table failed, no match!

Message #98 : Feb 06 11:39:40 [IKEv1]Message #99 : : Group = 2.2.2.2, IP = 2.2.2.2, Error: Unable to remove PeerTblEntry

Message #100 :

IKE_TMR DPD_TIMER (0x01383360) popped @ time = 1229314

<--- More --->

Message #101 :

IKE_TMR DPD_TIMER (0x01383360) popped @ time = 1229315

Message #102 :

Message #125 :

IKE_TMR REAPER_TIMER (0x01388260) popped @ time = 1229336

Message #126 :

Message #135 :

IKE_TMR DPD_TIMER (0x01383360) popped @ time = 1229345

Message #136 :

IKE_TMR BACKUP_L2L (0x013833d0) popped @ time = 1229346

Message #137 :

IKE_TMR REAPER_TIMER (0x01388260) popped @ time = 1229346

Message #138 :

IKE_TMR DPD_TIMER (0x01383360) popped @ time = 1229346

Message #139 : Feb 07 19:21:26 [IKEv1]Message #140 : : IP = 2.2.2.2, Removing peer from peer table failed, no match!

Message #141 : Feb 07 19:21:26 [IKEv1]Message #142 : : IP = 2.2.2.2, Error: Unable to remove PeerTblEntry

Message #143 : Feb 07 19:21:27 [IKEv1]Message #144 : : IP = 2.2.2.2, Header invalid, missing SA payload! (next payload = 4)

Message #145 : Feb 07 19:21:34 [IKEv1]Message #146 : : IP = 2.2.2.2, Header invalid, missing SA payload! (next payload = 4)

Message #147 : Feb 07 19:21:42 [IKEv1]Message #148 : : IP = 2.2.2.2, Header invalid, missing SA payload! (next payload = 4)

Message #149 : Feb 07 19:21:50 [IKEv1]Message #150 : : IP = 2.2.2.2, Header invalid, missing SA payload! (next payload = 4)

Message #151 : Feb 09 05:28:00 [IKEv1]Message #152 : : IP = 2.2.2.2, Removing peer from peer table failed, no match!

Message #153 : Feb 09 05:28:00 [IKEv1]Message #154 : : IP = 2.2.2.2, Error: Unable to remove PeerTblEntry

Message #155 : Feb 09 16:13:36 [IKEv1]Message #156 : : IP = 2.2.2.2, Removing peer from peer table failed, no match!

Message #157 : Feb 09 16:13:36 [IKEv1]Message #158 : : IP = 2.2.2.2, Error: Unable to remove PeerTblEntry

pixfirewall# ping 2.2.2.2

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

ICMP echo reply from 2.2.2.2 to 1.1.1.1 ID=4388 seq=58029 len=72

Denied ICMP type = 0, code = 0 from 2.2.2.2on interface 1

?ICMP echo reply from 2.2.2.2 to 1.1.1.1 ID=4388 seq=58029 len=72

Denied ICMP type = 0, code = 0 from 2.2.2.2on interface 1

?ICMP echo reply from 2.2.2.2 to 1.1.1.1 ID=4388 seq=58029 len=72

Kamal Malhotra · ‎02-28-2007

Hi,

Did you get the peer IP changed on the remote device?

If not, then please get that done.

HTH,

Please rate if it helps.

Regards,

Kamal

paulnigel · ‎02-28-2007

Hi Kamal,

Yes, the peer IP for the remote device was changed.

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

#pkts decaps: 52069, #pkts decrypt: 52069, #pkts verify: 52069

I cannot see pkts encrypt, etc.

Removing peer from peer table failed, no match! ====> what is the meaning of this message?

Thank you very much,

paul