
Duplicate Phase 1 packet detected. Retransmitting last packet. Cisco ASA 5505 to Draytek Vigor3200. Pls help

networks
Level 1

Hi,

 

I have a Cisco 5505 on version 9.1 and the customer has a Draytek Vigor 3200.

We are trying to establish an IPsec VPN but the tunnels are not coming up, and we are getting these logs when running the command debug crypto ikev1 5.

Sep 25 10:12:54 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Sep 25 10:12:54 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM
Sep 25 10:12:57 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Sep 25 10:12:57 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM
Sep 25 10:13:01 [IKEv1 DEBUG]IP = x.x.x.x, Oakley proposal is acceptable
Sep 25 10:13:01 [IKEv1 DEBUG]IP = x.x.x.x, IKE SA Proposal # 1, Transform # 0 acceptable  Matches global IKE entry # 3
Sep 25 10:13:02 [IKEv1]IP = x.x.x.x, Connection landed on tunnel_group x.x.x.x
Sep 25 10:13:02 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Received encrypted Oakley Main Mode packet with invalid payloads, MessID = 0
Sep 25 10:13:02 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Sep 25 10:13:02 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Sep 25 10:13:02 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM
Sep 25 10:13:03 [IKEv1 DEBUG]Group = x.x.x.x, IP = x.x.x.x, IKE MM Responder FSM error history (struct &0xcca5a2b8)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG5, EV_TIMEOUT-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG
Sep 25 10:13:05 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Sep 25 10:13:05 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, P1 Retransmit msg dispatched to MM FSM

 

Any advice?

 

Thanks,

3 Replies

laramire2
Level 1

Hi,

I hope you're doing great

 

The messages that you are getting mean that the security appliance has received a duplicate of a previous Phase 1 packet, and will transmit the last message. This message could indicate a network performance or connectivity issue where the peer is not receiving sent packets in a timely manner. You need to make sure that the remote peer IP address is correct and that the pre-shared key matches exactly on both sites. Also, make sure that there is nothing in the middle blocking ISAKMP (UDP 500). Please try to collect the following information:

 

Are you able to get the debugs from the remote site?

Please send the VPN configuration of both sites for this specific tunnel.

Do you have any other L2L tunnel active on the ASA?

Please let me know if both sites are directly connected to the Internet and also if they have static or dynamic IP address on the outside.

Please also try to take a “show crypto ikev1 sa” to see what message the ASA is waiting for.

You could also take a capture from peer to peer on the outside to check if there is bidirectional communication. For instance:

capture vpn interface <outside> match ip host <local peer> host <remote peer>


Then you initiate the VPN tunnel and collect the output with the command “show capture vpn”. You can also import it into Wireshark to get more details.


Please get back to me if you have any questions.

 

Luis.
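
Added example, not part of the original posts and not Cisco code: a small Python triage over "debug crypto ikev1" output that separates the repeated retransmit messages from the authentication failure they can bury. The sample lines are copied from the question above; the function name triage, the field names and the verdict strings are assumptions made for this example.

```python
import re

# Lines copied from the debug output in the question (peer already redacted as x.x.x.x).
SAMPLE = """\
Sep 25 10:12:54 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Sep 25 10:12:57 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, Duplicate Phase 1 packet detected.  Retransmitting last packet.
Sep 25 10:13:01 [IKEv1 DEBUG]IP = x.x.x.x, Oakley proposal is acceptable
Sep 25 10:13:02 [IKEv1]Group = x.x.x.x, IP = x.x.x.x, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key.  Aborting
Sep 25 10:13:03 [IKEv1 DEBUG]Group = x.x.x.x, IP = x.x.x.x, IKE MM Responder FSM error history (struct &0xcca5a2b8)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG5, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG5, EV_TIMEOUT-->MM_WAIT_MSG5, NullEvent-->MM_SND_MSG4, EV_CRYPTO_ACTIVE-->MM_SND_MSG4, EV_SND_MSG-->MM_SND_MSG4, EV_START_TMR-->MM_SND_MSG4, EV_RESEND_MSG
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \[IKEv1(?: DEBUG)?\]"
    r"(?:Group = (?P<group>\S+), )?IP = (?P<ip>\S+), (?P<msg>.*)$")
FSM = re.compile(r"FSM error history.*?<event>:\s*(?P<hist>.*)$")

def triage(text):
    """Summarise IKEv1 Phase 1 debug lines per peer IP and attach a verdict."""
    peers = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an IKEv1 debug line
        p = peers.setdefault(m["ip"], {"retransmits": 0, "proposal_ok": False,
                                       "psk_error": False, "auth_fail_state": None})
        msg = m["msg"]
        if "Duplicate Phase 1 packet detected" in msg:
            p["retransmits"] += 1
        elif "proposal is acceptable" in msg:
            p["proposal_ok"] = True   # Phase 1 policy matched, so not a transform mismatch
        elif "mismatched pre-shared key" in msg:
            p["psk_error"] = True
        f = FSM.search(msg)
        if f:  # history is a chain of "STATE, EVENT" pairs joined by "-->"
            for step in f["hist"].split("-->"):
                state, _, event = (s.strip() for s in step.partition(","))
                if event == "EV_PROB_AUTH_FAIL":
                    p["auth_fail_state"] = state
    for p in peers.values():
        if p["psk_error"] or p["auth_fail_state"]:
            p["verdict"] = "auth: compare the pre-shared key on both peers"
        elif p["retransmits"]:
            p["verdict"] = "transport: check peer IP, UDP 500 filtering and routes"
        else:
            p["verdict"] = "no Phase 1 problem seen"
    return peers

if __name__ == "__main__":
    for ip, summary in triage(SAMPLE).items():
        print(ip, summary)
```
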

 

Hi Luis,

 

Appreciate your response.

My customer has re-inserted the pre-shared key and it's working at the moment.

Thanks for your help.

I will get back to you if I face any more issues.

Thanks,

Fahad

Arash Emami
Level 1

Hi,

I faced the same problem but on a site-to-site VPN with routers. The reason was a misconfiguration of the routes between the sites. So I changed the static routes and the problem has been solved. In this case, looking into the route table can be helpful.