Can't get remote tunnel to establish

It has been several years since I last set up a site-to-site tunnel. I have been trying to set one up today and I must be missing something.
Here is the config for the site to site tunnel on the remote ASA -
access-list nonat extended permit ip 172.16.1.0 255.255.255.0 10.34.155.0 255.255.255.0
access-list nonat extended permit ip 172.16.1.0 255.255.255.0 10.34.150.0 255.255.255.0
access-list 100 extended permit ip 172.16.1.0 255.255.255.0 10.34.155.0 255.255.255.0
access-list 100 extended permit ip 172.16.1.0 255.255.255.0 10.34.150.0 255.255.255.0
global (outside) 1 interface
nat (Inside) 0 access-list nonat
nat (Inside) 1 0.0.0.0 0.0.0.0
crypto map outside_map 20 match address 100
crypto map outside_map 20 set peer x.x.x.x
crypto map outside_map 20 set transform-set myset
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *****
When I do a debug crypto isakmp 7 and debug crypto ipsec 7, I am seeing this in the debug output -
Mar 05 14:09:04 [IKEv1]: IP = x.x.x.x, Received an un-encrypted INVALID_COOKIE notify message, dropping
Mar 05 14:09:04 [IKEv1]: IP = x.x.x.x, Information Exchange processing failed
Mar 05 14:09:12 [IKEv1 DEBUG]: IP = x.x.x.x, IKE MM Initiator FSM error history (struct &0xc960fce8)  <state>, <event>:  MM_DONE, EV_ERROR-->MM_WAIT_MSG4, EV_TIMEOUT-->MM_WAIT_MSG4, NullEvent-->MM_SND_MSG3, EV_SND_MSG-->MM_SND_MSG3, EV_START_TMR-->MM_SND_MSG3, EV_RESEND_MSG-->MM_WAIT_MSG4, EV_TIMEOUT-->MM_WAIT_MSG4, NullEvent
I have re-entered the pre-shared-key and still get this message. I think I am missing something else but am not having much luck in identifying the problem. I looked at my notes and am not having a lot of luck in this area.
The problem may be at the datacenter end. I am trying to set this up so that the remote site this config is for will be DHCP-assigned and the datacenter will be static. It is probably something simple.
Would appreciate any suggestions.

Hello Ronald,
Thanks for the information!
In the configuration attached for the Data Center I could see that you are trying to use the DefaultL2LGroup tunnel group, which means that the remote site of the VPN tunnel will have a dynamic IP address. If that's the case, we do not need to specify any peer on the crypto map, since we do not know the IP address where the client will be coming from. Phase 1 and 2 parameters will be offered by the remote site and then we will match those parameters with the ones configured on the DataCenter ASA. Also, you are missing the dynamic crypto map.
Below you will find an example to configure the dynamic crypto map:
crypto dynamic-map dynmap 655 set transform-set esp-3des
crypto map outside_map 655 ipsec-isakmp dynamic dynmap
You should be able to remove the commands applied previously:
no crypto map outside_map 20 match address 100
no crypto map outside_map 20 set transform-set esp-3des
Now, if both peers have static IP addresses, you would need the following configuration on the DataCenter:
crypto map outside_map 20 match address 100
crypto map outside_map 20 set transform-set esp-3des
crypto map outside_map 20 set peer x.x.x.x (remote peer IP address)
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *****
AnyConnect should not cause any problems.
Hope this helps you out,
Luis.
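
A way to check a data-center config for the gap described in the reply above, as an added example (not code from the thread or from Cisco). The function name `audit_crypto_maps` and both sample configs are constructed for illustration, modelled on the commands quoted in the reply; a static entry is expected to carry an ACL, a transform set, a peer and a matching tunnel-group, while a dynamic entry needs a defined dynamic-map and `DefaultL2LGroup` attributes.

```python
import re
from collections import defaultdict

ENTRY = re.compile(r"crypto map (\S+) (\d+) "
                   r"(match address|set peer|set transform-set|ipsec-isakmp dynamic) (\S+)")

def audit_crypto_maps(config):
    """Return findings for the L2L crypto map entries in an ASA config excerpt."""
    acls, dynmaps, groups = set(), set(), set()
    entries = defaultdict(dict)  # (map name, sequence) -> {keyword: value}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"crypto dynamic-map (\S+) \d+ set transform-set \S+", line):
            dynmaps.add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) (?:type ipsec-l2l|ipsec-attributes)", line):
            groups.add(m.group(1))
        elif m := ENTRY.match(line):
            name, seq, keyword, value = m.groups()
            entries[(name, int(seq))][keyword] = value

    findings = []
    for (name, seq), e in sorted(entries.items()):
        tag = f"{name} {seq}"
        dyn = e.get("ipsec-isakmp dynamic")
        if dyn:  # entry for peers whose address is not known in advance
            if dyn not in dynmaps:
                findings.append(f"{tag}: dynamic-map {dyn} has no transform-set")
            if "DefaultL2LGroup" not in groups:
                findings.append(f"{tag}: no ipsec-attributes on DefaultL2LGroup")
            continue
        acl, peer = e.get("match address"), e.get("set peer")
        if acl is None:
            findings.append(f"{tag}: no match address")
        elif acl not in acls:
            findings.append(f"{tag}: access-list {acl} is not defined")
        if "set transform-set" not in e:
            findings.append(f"{tag}: no transform-set")
        if peer is None:
            findings.append(f"{tag}: no set peer (use a dynamic-map entry for a dynamic-IP remote)")
        elif peer not in groups:
            findings.append(f"{tag}: no tunnel-group for peer {peer}")
    return findings

# Constructed samples, modelled on the data-center commands quoted in the reply.
BEFORE = """\
access-list 100 extended permit ip 10.34.150.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto map outside_map 20 match address 100
crypto map outside_map 20 set transform-set esp-3des
crypto map outside_map interface outside
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *****
"""
AFTER = """\
crypto dynamic-map dynmap 655 set transform-set esp-3des
crypto map outside_map 655 ipsec-isakmp dynamic dynmap
crypto map outside_map interface outside
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *****
"""

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_crypto_maps(cfg) or "no findings")
```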

Similar Messages

  • Cant get working Media Centre Remote under Win7

    G'day just a quick one for you I have just updated to windows 7 ultimate 64 bit on my Toshiba Satellite P200 and the only thing I cant get working is my media centre remote.
    Any suggestions would be greatly appreciated.

    If your notebook model is Win7 supported install missing driver. What other suggestion you want to hear? ;)
    Have you tried to use Vista driver?
    I have noticed some drivers are missing for Win7. In this case I used Vista drivers and everything worked properly on my Satellite A300.

  • Cant get airplay and remote to work again.

    So I'm currently having problems getting AirPlay to work and Remote to connect to my iTunes again. I have the iPhone 5 and I've been using AirPlay and Remote on it since I got it, until a couple of days ago. I can't seem to get the AirPlay icon to show up when my receiver is on and I can't get it to connect to my iTunes using Remote. I already tried restoring the phone but I don't think that was the problem. I can get AirPlay to work from iTunes though. Basically all the hardwired things can access AirPlay but not the wireless stuff like my iPhone 4 and 5. I tried using my laptop's iTunes on the Wi-Fi and it didn't work, but when I connected it to the router it works. Is anyone having the same problem? Because I don't know why it just stopped working all of a sudden when I didn't even change anything.

    Dave Cohen wrote:I solved by not downgrading.  Instead, install community/php52.
    genius, I'm back in business, many thanks

  • I cant get my apple remote to work with my video ipod...

    i cant get my apple remote i just bought to hook up with my ipod video! help!
    Windows    

    Which remote are we talking about, the infra red or the radio/remote?

  • Hi there , i use microsoft remote desktop to connect to my work pc - on my 21.5 mac the remote screen is half the size of my screen and i cant get it to be full screen - is this possible or am i just stupid ? many thanks

    Hi there , i use microsoft remote desktop to connect to my work pc - on my 21.5 mac the remote screen is half the size of my screen and i cant get it to be full screen - is this possible or am i just stupid ? many thanks

    What setting have you chosen in the view menu? Fit to Screen or Window.
    And, in Preferences what have you set for Display?

  • Intel VPRO managment engine - cant get "initiate remote connection"

    Hi Everyone
    When configuring the Intel ME BIOS to enable KVM access on my new ThinkCentre M93P machines, I no longer get the option "Press 2 to initiate a remote connection" when I turn the machine on and hit CTRL+P.
    What used to happen (and still works fine on ThinkPads) is that the first time you hit CTRL+P you go into the Intel Management Engine setup screen. Then once set up, the next time you hit CTRL+P, rather than go straight into the Management Engine BIOS, you would get two options:
    Press 1 to enter ME configuration screens
    Press 2 to initiate a remote connection
    However on the ThinkCentres I can't get it to give me these two options; it always goes into the ME screens. Anyone else successfully using this feature?
    Thanks for any help

    Hi,
    iChat to iChat, Google ID to Google ID works.
    It invokes exactly the same A/V side of iChat.
    This does require that the ports are allowed (UPnP) or opened (Port Forwarding or Port triggering) in the connection device that you have.
    It requires that you do not have two device at one end doing DHCP (just bad Networking) and in some cases iChat needs to make sure the LAN is specifically set up on the NAT front.
    Tell us what device you have at both ends and what you have done to set them up for iChat please.
    Also is the other end actually an Error 8 like your is ?
    Is it Error 4 as this would tend to mean Internet Sharing was turned On and should be Off.
    Error 7s are about security features in one of the devices.
    1:08 PM Sunday; March 16, 2008

  • My macbook pro no longer connects to my TV with the mini dvi to hdmi adapter. It was working fine now I cant get it to output to the Tv. Any ideas?

    My Macbook pro no longer outputs to my vizio led tv. It was working fine now I cant get any picture. It just says no signal. It is not the hdmi or the adapter because it works fine with my other tv. Any ideas on how to resolve this would be greatly appreciated. Please be as specific as possible. Thanks. BTW--I am using the mini dvi to hdmi adapter in case that was unclear.

    Since you say that the same connectors work on your other TV is suggests that the fault is not in the connectors but your Vizio TV.  I would check the settings on the Vizio TV.  Verify that is is set to receive HDMI input.  Perhaps you or some one else has inadvertently changed them.  Pressing the wrong buttons on a remote control device can do that.  (I am assuming no changes were made in SYSTEM PREFERENCES>DISPLAYS)
    Ciao.

  • I cant get past the Find my iphone message in itunes when installing! any help????, I cant get past the Find my iphone message in itunes when installing! any help????

    I cant get past this message when I am installing my iphone on itunes? I click on any links and nothing happens.... please help me!
    Free Find My iPhone
    Set up Find My iPhone for free so you can locate your device if you lose it, remotely lock the screen, or wipe its data. You can also find your iPad or iPod touch. Learn More
    Not Now
    Set up Find My iPhone
    Find My iPhone (or iPad or iPod touch) enables you to locate your iPad with Wi-Fi or iPod touch only when it is on and connected to a registered Wi-Fi network. Find My iPhone is not available in all countries.

    Check out this link https://discussions.apple.com/message/12835691#12835691

  • I downloaded the apple tv app and i cant get my iphone (5) or ipad (1) to recognize or find the apple tv.  Help?

    I cant get my iphone (5) or ipad (1) to recognize or find the apple tv on my apple tv app.

    you mean the remote app ?
    if so then
    tried reading this ?
    http://support.apple.com/kb/HT1947

  • HT204291 cant get the airplay icon on my iphone 4.

    I've tried all recommendations in troubleshooting but still can't get the AirPlay icon on my iPhone 4. I can use the Remote app, so it's definitely connected. Any ideas?

    Responses can only be as helpful as the details provided.  What are you trying to setup an AirPlay connection to?  Did you enable AirPlay on that device(s) and create an Id?  Did you enter that id into your iPhone?  Did you do any of the steps to setup AirPlay? 
    And the Remote app using HomeSharing which only connects to iTunes and iTunes connects to the other devices.  It has nothing to do with AirPlay.  So that does not really mean anything.

  • HT201441 i cant get in touch with the previous owner to get the device removed from their account

    How can i resolve this issue since i cant get in contact with the account holder?

    Welcome to the Apple community.
    Unfortunately, you cannot do very much with your phone unless you get assistance from the previous owner, they should either provide you with the password to unlock it or remove their account from the phone entirely remotely through iCloud.com > Find My Phone.

  • Hi i reset my apple tv now i cant get it restarted no light comes on can someone advise?

    Hi, can anyone assist? I just got an Apple TV and it was working. I then restored my Apple TV and now can't get it started; no light shines on the Apple TV.

    hey there marloth,
    I had a few thoughts running through my head as I read your symptoms here.
    First if you have not already, reset the device with this part of the article named Apple TV (2nd and 3rd generation): How to restart your Apple TV found http://support.apple.com/kb/ht3180.
    Restarting your Apple TV without a remote
    You can also reset your Apple TV by unplugging it from the power source for thirty seconds.
    If the issue persists and you own an iOS device, I would download the Remote app (free) https://itunes.apple.com/us/app/remote/id284417350?mt=8 to see if it will come on with the Remote app.
    If so, then the battery in your Apple TV remote may need to be changed.
    How to replace the Apple Remote battery
    http://support.apple.com/kb/HT1306
    If not then you may need to restore the Apple TV with iTunes.
    Apple TV (2nd and 3rd generation): Restoring your Apple TV
    http://support.apple.com/kb/ht4367
    All the best,
    Sterling

  • Remote powershell cannot establish secure channel

    Using the PowerShell Azure cmdlets on the remote computer:
    If for example I perform an invoke-command .. -scriptblock {Get-AzureSQLDatabaseServer} I get the "Could not establish secure channel for SSL/TLS..." message.
    However if I RDP to that computer with the same credential I can perform the Get-AzureSQLDatabaseServer there.
    And more disconcerting, once I have done it through the rdp the invoke-command version starts to work and works while the rdp session is still live, and certainly for several minutes after the rdp session is closed.
    Does anyone know of something special that has to be done to invoke azure cmdlets remotely?

    Hi,
    Sorry for the delay. I am unable to repro the issue, and even without RDP to the Azure VM, I can run the Azure commands, including Get-AzureSQLDatabaseServer.
    I am not sure if there is any change in the status from your side since the last update on this thread, but I would suggest the things below:
    1. Run an Azure VM to Azure VM test to eliminate any environment-specific bottleneck.
    2. Please refer to the article
    http://social.msdn.microsoft.com/Forums/windowsazure/en-US/e477e6a1-eb8b-43f7-8089-6837ae3ee34c/start-a-script-on-azure-vm-from-a-remote-machine?forum=WAVirtualMachinesforWindows and see that the remote session is set up correctly.
    If these suggestions do not help, I would request you to open a ticket with our support team because it might require more invasive troubleshooting.
    Best Regards
    Lalitesh

  • Cant get umtsmon working

    Hi,
    I'm quite new to Arch and so far everything works smoothly. Today I tried to get my Option GE0201 3G card working with umtsmon from AUR. But sadly it's not working, although the card is recognized and I can send SMS and see the signal strength.
    First problem: After program start umtsmon complains about some missing binaries (sorry for the German dialog) and clicking the "correct" button doesn't help; it just results in a "umtsmon couldn't find binary *su which is required for full operation" message. What binaries are missing here?
    Second problem: Ignoring this complaint and trying to connect, pppd gives me the following error:
    /usr/sbin/pppd: unrecognized option 'replacedefaultroute'
    pppd version 2.4.4
    Usage: /usr/sbin/pppd [ options ], where options are:
    <device> Communicate over the named device
    <speed> Set the baud rate to <speed>
    <loc>:<rem> Set the local and/or remote interface IP
    addresses. Either one may be omitted.
    asyncmap <n> Set the desired async map to hex <n>
    auth Require authentication from peer
    connect <p> Invoke shell command <p> to set up the serial line
    crtscts Use hardware RTS/CTS flow control
    defaultroute Add default route through interface
    file <f> Take options from file <f>
    modem Use modem control lines
    mru <n> Set MRU value to <n> for negotiation
    See pppd(8) for more options.
    pppd seems not to provide replacedefaultroute in Arch. Even when I turn off the replacedefaultroute option in the profile setting I still get the same error message. I just can't get rid of replacedefaultroute...
    Does anybody have an idea what's going wrong here? With my previous Ubuntu installation and using umtsmon 0.8.9 I never ran across these kinds of problems.
    Cheers
    Felix

    The missing su binary is some kind of bug, since all Arch systems have su, and on my systems umtsmon works fine after ignoring this one.
    Arch's pppd is built without the replacedefaultroute patch, so that one will not work, and you have to enable the default route option.

  • Cant get CS6 Master Collection to Install! HELP!!!!!

    Can't get CS6 Master Collection to install. Migrated to a new Mac Pro 5,1 Single Quad Core 3.2, 32GB of RAM. CS6 apps worked fine until I tried to launch Illustrator. Illustrator just hangs and I finally have to force quit. Tried reinstalling it, and the installer and uninstaller don't work. I've restarted as suggested...same thing. I've used the Adobe Cleaner...no luck. Downloaded the installer again and tried....no luck.
    Bunch of errors starting with "DW051". All end with "has changed." I've called tech support and retried all the above...no luck. (Poorest customer support on the planet)
    Attached is an image of the messages including the errors. Please help. I'm losing my mind.

    Thanks Manish-Sharma. I found solution on another post yesterday but I tried all the ways listed above again....no results though. The only progress I did make is that the installer does run and finish! Finally got this new result by placing the current Illustrator Folder from the Applications folder into the trash without deleting it. I launched the Master Collection installer and only selected Illustrator for the install. (All other apps work fine) It did install the new Illustrator application in the Applications folder. Then I launched Illustrator and the same thing happens. The icon starts bouncing in the dock, but that's it. No startup screen...nothing. After a few minutes I check and "Adobe Illustrator is not responding" so I have to force quit.
    I was on the phone with Adobe support and established a case # 0183688527 yesterday. They had me do the things you've suggested and more with no results. Sent them an update on other methods I've tried last night. They're supposed to get back to you in 24 hours. 28 hours later.....Haven't heard a word from them.
    Any more input is welcome. This really sucks.
    Thanks again for your input
    F
