VPN Tunnel Won't come up and out of ideas

OnTheCatwalks
Level 1

Tunnel will not complete Phase 2 and I am out of ideas. Does anyone see anything I am missing in the crypto debug? It's between an ASA and an older Cisco Router.

sh cry ikev1 sa

IKEv1 SAs:

   Active SA: 3
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3

3   IKE Peer: X.X.X.X
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
debug crypto condition peer X.X.X.X
debug cry ikev1 128
 Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE Initiator: New Phase 1, Intf inside, IKE Peer X.X.X.X  local Proxy Address 172.20.0.0, remote Proxy Address 192.168.1.0,  Crypto map (outside_map)
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing ISAKMP SA payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing NAT-Traversal VID ver 02 payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing NAT-Traversal VID ver 03 payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing NAT-Traversal VID ver RFC payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing Fragmentation VID + extended capabilities payload
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 484
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing SA payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Oakley proposal is acceptable
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Received NAT-Traversal RFC VID
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing ke payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing nonce payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing Cisco Unity VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing xauth V6 VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Send IOS VID
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing NAT-Discovery payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, computing NAT Discovery hash
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, constructing NAT-Discovery payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, computing NAT Discovery hash
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing ke payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing ISA_KE payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing nonce payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Received Cisco Unity client VID
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Received DPD VID
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000f7f)
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing VID payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Received xauth V6 VID
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing NAT-Discovery payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, computing NAT Discovery hash
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, processing NAT-Discovery payload
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, computing NAT Discovery hash
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, Connection landed on tunnel_group X.X.X.X
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Generating keys for Initiator...
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing ID payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing hash payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Computing hash for ISAKMP
Mar 17 14:41:45 [IKEv1 DEBUG]IP = X.X.X.X, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing dpd vid payload
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 96
Mar 17 14:41:45 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NOTIFY (11) + NONE (0) total length : 104
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing ID payload
Mar 17 14:41:45 [IKEv1 DECODE]Group = X.X.X.X, IP = X.X.X.X, ID_IPV4_ADDR ID received
X.X.X.X
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing hash payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Computing hash for ISAKMP
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing notify payload
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, Connection landed on tunnel_group X.X.X.X
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Oakley begin quick mode
Mar 17 14:41:45 [IKEv1 DECODE]Group = X.X.X.X, IP = X.X.X.X, IKE Initiator starting QM: msg id = f36e4384
Mar 17 14:41:45 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, PHASE 1 COMPLETED
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, Keep-alive type for this connection: DPD
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Starting P1 rekey timer: 82080 seconds.
Mar 17 14:41:45 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Add to IKEv1 Tunnel Table succeeded for SA with logical ID 80740352
Mar 17 14:41:45 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Add to IKEv1 MIB Table succeeded for SA with logical ID 80740352
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE got SPI from key engine: SPI = 0xd85bf525
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE got SPI from key engine: SPI = 0xea2af025
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE got SPI from key engine: SPI = 0xd84aeba4
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE got SPI from key engine: SPI = 0xb561f125
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, oakley constucting quick mode
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing IPSec SA payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing IPSec nonce payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing pfs ke payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing proxy ID
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Transmitting Proxy Id:
  Local subnet:  172.20.0.0  mask 255.255.0.0 Protocol 0  Port 0
  Remote subnet: 192.168.1.0  Mask 255.255.255.240 Protocol 0  Port 0
Mar 17 14:41:45 [IKEv1 DECODE]Group = X.X.X.X, IP = X.X.X.X, IKE Initiator sending Initial Contact
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload
Mar 17 14:41:45 [IKEv1 DECODE]Group = X.X.X.X, IP = X.X.X.X, IKE Initiator sending 1st QM pkt: msg id = f36e4384
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=f36e4384) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 500
Mar 17 14:41:45 [IKEv1]IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=e1980f39) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing hash payload
Mar 17 14:41:45 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing notify payload
Mar 17 14:41:45 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Received non-routine Notify message: No proposal chosen (14)

Mar 17 14:42:01 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Sending keep-alive of type DPD R-U-THERE (seq number 0x65d756d0)
Mar 17 14:42:01 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload
Mar 17 14:42:01 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload
Mar 17 14:42:01 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=69fb131a) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Mar 17 14:42:01 [IKEv1]IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=1dbb0857) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Mar 17 14:42:01 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing hash payload
Mar 17 14:42:01 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing notify payload
Mar 17 14:42:01 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x65d756d0)
un all
Mar 17 14:42:11 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Sending keep-alive of type DPD R-U-THERE (seq number 0x65d756d1)
Mar 17 14:42:11 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload
Mar 17 14:42:11 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload
Mar 17 14:42:11 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=9e091ef) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Mar 17 14:42:11 [IKEv1]IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=8bd79623) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Mar 17 14:42:11 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing hash payload
Mar 17 14:42:11 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, processing notify payload
Mar 17 14:42:11 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x65d756d1)
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Pitcher: received key delete msg, spi 0xd85bf525
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Connection terminated for peer X.X.X.X.  Reason: Session Error Terminated  Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Pitcher: received key delete msg, spi 0xea2af025
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Connection terminated for peer X.X.X.X.  Reason: Session Error Terminated  Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Pitcher: received key delete msg, spi 0xd84aeba4
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Connection terminated for peer X.X.X.X.  Reason: Session Error Terminated  Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, Pitcher: received key delete msg, spi 0xb561f125
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Connection terminated for peer X.X.X.X.  Reason: Session Error Terminated  Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, sending delete/delete with reason message
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing IPSec delete payload
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload
Mar 17 14:42:15 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=2505817d) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE Deleting SA: Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE Deleting SA: Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE Deleting SA: Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE Deleting SA: Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Removing peer from correlator table failed, no match!
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE SA MM:305003a5 rcv'd Terminate: state MM_ACTIVE  flags 0x0000c062, refcnt 1, tuncnt 0
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 80740352
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Remove from IKEv1 MIB Table succeeded for SA with logical ID 80740352
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, IKE SA MM:305003a5 terminating:  flags 0x0100c022, refcnt 0, tuncnt 0
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, sending delete/delete with reason message
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing blank hash payload
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing IKE delete payload
Mar 17 14:42:15 [IKEv1 DEBUG]Group = X.X.X.X, IP = X.X.X.X, constructing qm hash payload
Mar 17 14:42:15 [IKEv1]IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=415739de) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Session is being torn down. Reason: Unknown
Mar 17 14:42:15 [IKEv1]IP = X.X.X.X, Received encrypted packet with no matching SA, dropping

Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0

The ACL on one peer is not configured correctly.

How did you see that exactly? Is it the "Removing peer from correlator table failed, no match!" line?

Or is it because the

Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0

is telling you that's the subnet with the issue?

Mar 17 14:42:15 [IKEv1]Group = X.X.X.X, IP = X.X.X.X, Connection terminated for peer X.X.X.X.  Reason: Session Error Terminated  Remote Proxy 192.168.1.0, Local Proxy 172.20.0.0

Based on this debug message, did you check the ACL?

The only thing that looks off is that two objects on the ASA have a nested object inside them, and one side is missing a host. Would the host or nested objects cause it?

********
ASA
********

object-group network grp_remote
description remote
network-object 172.20.0.0 255.255.0.0
network-object 10.20.0.0 255.255.0.0
network-object host 10.130.249.9
network-object host 10.130.40.9
network-object object Int_10.235.0.0_net
network-object object Int_10.130.0.0_net
object-group network remote_mapped
description Remote
network-object 192.168.1.0 255.255.255.240

access-list in_inside remark remote rule
access-list in_inside extended permit ip object-group grp_remote 192.168.1.0 255.255.255.240
access-list outside_cryptomap_1 extended permit ip object-group grp_remote object-group remote_mapped

********
ROUTER
********

ip access-list extended site
permit ip 192.168.1.0 0.0.0.15 host 10.130.40.4
permit ip 192.168.1.0 0.0.0.15 host 10.130.40.9
permit ip 192.168.1.0 0.0.0.15 host 10.130.40.77
permit ip 192.168.1.0 0.0.0.15 172.20.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.15 10.130.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.15 10.220.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.15 10.130.0.0 0.0.255.255

To identify the issue, first let's try

object-group network grp_remote
description Local
network-object 172.20.0.0 255.255.0.0

object-group network remote_mapped
description Remote
network-object 192.168.1.0 255.255.255.240

!

permit ip 192.168.1.0 0.0.0.15 172.20.0.0 0.0.255.255

We will check if the VPN comes up, then try adding the lines back one by one to check the VPN until we find the ACE that causes the issue.
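The mirror-image check that the replies are walking through by hand, as an added example that is not part of the thread: it expands the posted ASA object-groups and the router's crypto ACL into (local, remote) network pairs and reports every entry the other side does not mirror. The two nested ASA objects are not defined on the page, so the prefixes in ASA_OBJECTS are assumptions made for this example.

```python
import ipaddress
# Constructed sample input copied from the thread; the nested ASA objects are not defined
# on the page, so the prefixes in ASA_OBJECTS are assumptions made for this example.
ASA_OBJECTS = {"Int_10.235.0.0_net": "10.235.0.0/16", "Int_10.130.0.0_net": "10.130.0.0/16"}
ASA_LOCAL = """network-object 172.20.0.0 255.255.0.0
network-object 10.20.0.0 255.255.0.0
network-object host 10.130.249.9
network-object host 10.130.40.9
network-object object Int_10.235.0.0_net
network-object object Int_10.130.0.0_net"""
ASA_REMOTE = "network-object 192.168.1.0 255.255.255.240"
ROUTER_ACL = """permit ip 192.168.1.0 0.0.0.15 host 10.130.40.4
permit ip 192.168.1.0 0.0.0.15 host 10.130.40.9
permit ip 192.168.1.0 0.0.0.15 host 10.130.40.77
permit ip 192.168.1.0 0.0.0.15 172.20.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.15 10.130.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.15 10.220.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.15 10.130.0.0 0.0.255.255"""

def asa_group(text, objects=ASA_OBJECTS):
    """Expand ASA network-object lines (subnet+mask, host, nested object) into networks."""
    nets = set()
    for line in text.splitlines():
        kind, arg = line.split()[1:3]
        if kind == "host":
            nets.add(ipaddress.ip_network(arg))
        elif kind == "object":                          # nested object, resolved by name
            nets.add(ipaddress.ip_network(objects[arg]))
        else:                                           # "A.B.C.D NETMASK"
            nets.add(ipaddress.ip_network(f"{kind}/{arg}"))
    return nets

def ios_net(a, b):
    """Convert one IOS ACE address spec, 'host A' or 'A WILDCARD', into a network ('any' not handled)."""
    if a == "host":
        return ipaddress.ip_network(b)
    mask = ipaddress.IPv4Address(~int(ipaddress.IPv4Address(b)) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{a}/{mask}")         # non-contiguous wildcard raises ValueError

def router_aces(text):
    """Parse 'permit ip SRC DST' ACEs into a set of (src, dst) network pairs; duplicates collapse."""
    return {(ios_net(*t[2:4]), ios_net(*t[4:6])) for t in map(str.split, text.splitlines()) if t[:2] == ["permit", "ip"]}

def mirror_check(asa_local, asa_remote, aces):
    """Return (ASA local->remote pairs with no mirrored router ACE, router ACEs with no matching ASA pair)."""
    asa_pairs = {(l, r) for l in asa_local for r in asa_remote}
    return sorted(asa_pairs - {(d, s) for s, d in aces}), sorted(aces - {(r, l) for l, r in asa_pairs})

if __name__ == "__main__":
    print(*mirror_check(asa_group(ASA_LOCAL), asa_group(ASA_REMOTE), router_aces(ROUTER_ACL)), sep="\n")
```

On the posted configs it flags three ASA networks with no router ACE and three router ACEs with no ASA object, among them 10.20.0.0/16 on the ASA against 10.220.0.0/16 on the router. The ASA debug shows Quick Mode proposing only 172.20.0.0/16 to 192.168.1.0/28, which the router ACL does mirror, so the "No proposal chosen" reply can also stem from a Phase 2 parameter mismatch such as the transform set or PFS (the ASA's first QM packet carries a KE payload, so PFS is enabled on the ASA side).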

WayneTW
Level 1

@OnTheCatwalks I wonder, did you figure it out in the end? I am facing the same issue now. Thank you!
