HUB & SPOKE environment with ASA5512 as the HUB and ASA5505 as spoke.
I can't seem to get by the error's. Phase 1 completes, then the errors start, 7.0.0.2 recieved non-routine notify message no proposal choosen, connection terminated for peer 7.0.0.2 reason peer terminate remote proxy N/A local Proxy N/A, 7.0.0.2 removing peer from correlator table failed, no match, seesion being torn down reason user requested, group 7.0.0.2 automatic NAT detection status remote end is not behind NAT device, this end is not behind NAT device. The other end the ASA5512 I get IP 7.1.0.2 no valid authentication type found for the tunnel group, Remote end is not behind NAT device, the DAP records were selected for connection DfltAccessPolicy, Phase 1 completed, All IPSEC SA proposals found unacceptable, IP 7.1.0.2 QM FSM error, removing peer from correlator table failed no match, 7.1.0.2 session being torn down reason Phase 2 Mismatch, 7.1.0.2 session disconnected type IKEV1, recevied encrypted packet with no matchin SA dropping.
I have searched internet and found many results however as changes implemented I always end back at this point. Any HELP would be greatly appreciated. Lost two days in the LAB. I will post configs. This a test soon to go into production. Thanks
Ken
ASA1# sho run
: Saved
ASA Version 9.1(2)
hostname ASA1
domain-name TEST1.CA
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface GigabitEthernet0/0
nameif Outside
security-level 100
ip address 7.0.0.2 255.255.255.0
interface GigabitEthernet0/1
nameif AS1toR1
security-level 50
ip address 1.0.0.2 255.255.255.0
interface GigabitEthernet0/2
nameif AS1toR2
security-level 50
ip address 3.0.0.2 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 0
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns domain-lookup Outside
dns domain-lookup AS1toR1
dns domain-lookup AS1toR2
dns domain-lookup management
dns server-group DefaultDNS
name-server 201.201.201.201
domain-name TEST1.CA
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-1.0.0.0
object network 2.0.0.0
subnet 2.0.0.0 255.255.255.0
object network 6.0.0.0
subnet 6.0.0.0 255.255.255.0
object network 7.1.0.0
subnet 7.1.0.0 255.255.255.0
object network 8.0.0.0
subnet 8.0.0.0 255.255.255.0
object network 9.0.0.0
subnet 9.0.0.0 255.255.255.0
object-group network DM_INLINE_NETWORK_3
network-object 1.0.0.0 255.255.255.0
network-object 3.0.0.0 255.255.255.0
network-object object 2.0.0.0
network-object object 8.0.0.0
object-group network DM_INLINE_NETWORK_4
network-object object 6.0.0.0
network-object object 9.0.0.0
object-group network DM_INLINE_NETWORK_1
network-object object 6.0.0.0
network-object object 9.0.0.0
object-group network DM_INLINE_NETWORK_2
network-object 1.0.0.0 255.255.255.0
network-object 3.0.0.0 255.255.255.0
network-object object 2.0.0.0
network-object object 8.0.0.0
object-group network DM_INLINE_NETWORK_5
network-object 1.0.0.0 255.255.255.0
network-object 3.0.0.0 255.255.255.0
network-object object 2.0.0.0
network-object object 8.0.0.0
object-group network DM_INLINE_NETWORK_6
network-object object 6.0.0.0
network-object object 9.0.0.0
access-list HEADEND extended permit ip any any
access-list hq-to-vpnend extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_4
access-list vpnend-to-hq extended permit ip object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list Outside_cryptomap_15 extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list Outside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any4 any4
access-list AS1toR2_access_in extended permit icmp any4 any4
access-list AS1toR2_access_in extended permit ip any any
access-list AS1toR1_access_in extended permit ip any any
access-list AS1toR1_access_in extended permit icmp any4 any4
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu AS1toR1 1500
mtu AS1toR2 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group Outside_access_in in interface Outside
access-group AS1toR1_access_in in interface AS1toR1
access-group AS1toR2_access_in in interface AS1toR2
router ospf 1
network 1.0.0.0 255.255.255.0 area 0
network 3.0.0.0 255.255.255.0 area 0
network 7.0.0.0 255.255.255.0 area 0
log-adj-changes
route Outside 0.0.0.0 0.0.0.0 7.0.0.1 125
route Outside 6.0.0.0 255.255.255.0 7.0.0.1 125
route Outside 9.0.0.0 255.255.255.0 7.0.0.1 125
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
eou allow none
http server enable
http 192.168.1.2 255.255.255.255 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt connection preserve-vpn-flows
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set MAP-VPN1 esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 5 match address Outside_cryptomap_15
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 5 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 5 set ikev1 transform-set MAP-VPN1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 5 set reverse-route
crypto dynamic-map DYNMAP 10 set pfs
crypto dynamic-map DYNMAP 10 set ikev1 transform-set MAP-VPN1
crypto dynamic-map DYNMAP 10 set reverse-route
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map HQ2REMOTE 10 ipsec-isakmp dynamic DYNMAP
crypto map HQ2REMOTE interface Outside
crypto ca trustpool policy
crypto ikev1 enable Outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-addr-assign local reuse-delay 30
vpn load-balancing
interface lbpublic Outside
interface lbprivate AS1toR1
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable Outside
no anyconnect-essentials
group-policy DfltGrpPolicy attributes
wins-server value 10.10.10.10
dns-server value 201.201.201.201
vpn-idle-timeout none
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
split-tunnel-network-list value HEADEND
default-domain value TEST1.CA
webvpn
activex-relay disable
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
secondary-authentication-server-group LOCAL
authorization-server-group LOCAL
nat-assigned-to-public-ip Outside
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
ikev1 user-authentication none
tunnel-group DefaultWEBVPNGroup general-attributes
secondary-authentication-server-group LOCAL
tunnel-group DefaultWEBVPNGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
ikev1 user-authentication none
tunnel-group-map default-group DefaultL2LGroup
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 24
subscribe-to-alert-group configuration periodic monthly 24
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:022709234965ad8943628e790ed5ed1f
: end
ASA1#
ASA2# sho run
: Saved
ASA Version 8.2(5)
hostname ASA2
domain-name TEST2.CA
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 14
interface Ethernet0/1
switchport access vlan 24
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport access vlan 4
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan4
nameif management.
security-level 0
ip address 192.168.1.101 255.255.255.0
management-only
interface Vlan14
nameif Outside
security-level 100
ip address dhcp setroute
interface Vlan24
nameif Inside
security-level 50
ip address 6.0.0.2 255.255.255.0
ftp mode passive
dns domain-lookup management.
dns domain-lookup Outside
dns domain-lookup Inside
dns server-group DefaultDNS
domain-name TEST2.CA
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
network-object 1.0.0.0 255.255.255.0
network-object 2.0.0.0 255.255.255.0
network-object 3.0.0.0 255.255.255.0
network-object 8.0.0.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object 6.0.0.0 255.255.255.0
network-object 9.0.0.0 255.255.255.0
object-group network DM_INLINE_NETWORK_5
network-object 1.0.0.0 255.255.255.0
network-object 2.0.0.0 255.255.255.0
network-object 3.0.0.0 255.255.255.0
network-object 8.0.0.0 255.255.255.0
object-group network DM_INLINE_NETWORK_6
network-object 6.0.0.0 255.255.255.0
network-object 9.0.0.0 255.255.255.0
access-list vpnend-to-hq extended permit ip object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list REMOTEEND extended permit ip any any
access-list hq-to-vpnend extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list Outside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any any
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
mtu management. 1500
mtu Outside 1500
mtu Inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
router ospf 1
network 6.0.0.0 255.255.255.0 area 0
network 7.1.0.0 255.255.255.0 area 0
log-adj-changes
route Outside 1.0.0.0 255.255.255.0 7.0.0.2 125
route Outside 2.0.0.0 255.255.255.0 7.0.0.2 125
route Outside 3.0.0.0 255.255.255.0 7.0.0.2 125
route Outside 8.0.0.0 255.255.255.0 7.0.0.2 125
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
network-acl REMOTEEND
eou allow none
http server enable
http 0.0.0.0 0.0.0.0 management.
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set MAP-VPN1 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set MAP-VPN1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map HQ2REMOTE 15 match address vpnend-to-hq
crypto map HQ2REMOTE 15 set pfs
crypto map HQ2REMOTE 15 set connection-type originate-only
crypto map HQ2REMOTE 15 set peer 7.0.0.2
crypto map HQ2REMOTE 15 set transform-set MAP-VPN1
crypto map HQ2REMOTE 15 set security-association lifetime seconds 28800
crypto map HQ2REMOTE 15 set security-association lifetime kilobytes 4608000
crypto map HQ2REMOTE 15 set reverse-route
crypto map HQ2REMOTE 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map HQ2REMOTE interface Outside
crypto isakmp enable Outside
crypto isakmp policy 15
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp ipsec-over-tcp port 10000
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface Outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption 3des-sha1
webvpn
enable Outside
group-policy DfltGrpPolicy attributes
wins-server value 10.10.10.10
dns-server value 201.201.201.201
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-network-list value REMOTEEND
default-domain value TEST2.CA
smartcard-removal-disconnect disable
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
authorization-server-group LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultWEBVPNGroup ipsec-attributes
pre-shared-key *****
tunnel-group 7.0.0.2 type ipsec-l2l
tunnel-group 7.0.0.2 ipsec-attributes
pre-shared-key *****
peer-id-validate nocheck
tunnel-group-map default-group 7.0.0.2
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:0d04273f55e788e2a4ad4d025084d33d
: end
ASA2#
Jon,
Getting same errors as when we first started. Access list mismatch skipping dynamic map DYNMAP.
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing ke payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing ISA_KE payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing nonce payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received Cisco Unity client VID
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received xauth V6 VID
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Processing VPN3000/ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing NAT-Discovery payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing NAT-Discovery payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing ke payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing nonce payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing Cisco Unity VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing xauth V6 VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Send IOS VID
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Discovery payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Discovery payload
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, Connection landed on tunnel_group DefaultL2LGroup
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Generating keys for Responder...
ASA1# Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:18:47 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.1.0.2
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing hash payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Computing hash for ISAKMP
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Processing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing VID payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Received DPD VID
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, Connection landed on tunnel_group DefaultL2LGroup
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing ID payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing hash payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Computing hash for ISAKMP
Mar 03 13:18:47 [IKEv1 DEBUG]IP = 7.1.0.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing dpd vid payload
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, PHASE 1 COMPLETED
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, Keep-alive type for this connection: DPD
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Starting P1 rekey timer: 24480 seconds.
Mar 03 13:18:47 [IKEv1 DECODE]IP = 7.1.0.2, IKE Responder starting QM: msg id = 9389754e
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=9389754e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 184
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing hash payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing SA payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing nonce payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:18:47 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.1.0.2
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Received remote Proxy Host data in ID Payload: Address 7.1.0.2, Protocol 0, Port 0
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:18:47 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.0.0.2
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Received local Proxy Host data in ID Payload: Address 7.0.0.2, Protocol 0, Port 0
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing notify payload
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, QM IsRekeyed old sa not found by addr
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Skipping dynamic map DYNMAP sequence 10: access-list mismatch.
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 7.1.0.2/255.255.255.255/0/0 local proxy 7.0.0.2/255.255.255.255/0/0 on interface Outside
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending notify message
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing blank hash payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing qm hash payload
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=ee315fa4) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 236
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, QM FSM error (P2 struct &0x00007fffa05e1840, mess id 0x9389754e)!
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE QM Responder FSM error history (struct &0x00007fffa05e1840) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending delete/delete with reason message
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Removing peer from correlator table failed, no match!
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE SA MM:7adaeddd rcv'd Terminate: state MM_ACTIVE flags 0x0001c042, refcnt 1, tuncnt 0
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE SA MM:7adaeddd terminating: flags 0x0101c002, refcnt 0, tuncnt 0
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending delete/delete with reason message
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing blank hash payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing IKE delete payload
Mar 03 13:18:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing qm hash payload
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=f9d973c5) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Mar 03 13:18:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Session is being torn down. Reason: crypto map policy not found
Mar 03 13:18:47 [IKEv1]Ignoring msg to mark SA with dsID 200704 dead because SA deleted
Mar 03 13:18:47 [IKEv1]IP = 7.1.0.2, Received encrypted packet with no matching SA, dropping
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing SA payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Oakley proposal is acceptable
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received NAT-Traversal ver 02 VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received NAT-Traversal ver 03 VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received NAT-Traversal RFC VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received Fragmentation VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing IKE SA payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 2
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing ISAKMP SA payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Traversal VID ver RFC payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing Fragmentation VID + extended capabilities payload
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing ke payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing ISA_KE payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing nonce payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received Cisco Unity client VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received xauth V6 VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Processing VPN3000/ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Received Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing NAT-Discovery payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, processing NAT-Discovery payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing ke payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing nonce payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing Cisco Unity VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing xauth V6 VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Send IOS VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Discovery payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Discovery payload
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, Connection landed on tunnel_group DefaultL2LGroup
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Generating keys for Responder...
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:19:17 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.1.0.2
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing hash payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Computing hash for ISAKMP
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Processing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing VID payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Received DPD VID
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, Connection landed on tunnel_group DefaultL2LGroup
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing ID payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing hash payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Computing hash for ISAKMP
Mar 03 13:19:17 [IKEv1 DEBUG]IP = 7.1.0.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing dpd vid payload
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, PHASE 1 COMPLETED
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, Keep-alive type for this connection: DPD
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Starting P1 rekey timer: 24480 seconds.
Mar 03 13:19:17 [IKEv1 DECODE]IP = 7.1.0.2, IKE Responder starting QM: msg id = 3af2253f
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=3af2253f) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 184
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing hash payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing SA payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing nonce payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:19:17 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.1.0.2
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Received remote Proxy Host data in ID Payload: Address 7.1.0.2, Protocol 0, Port 0
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:19:17 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.0.0.2
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Received local Proxy Host data in ID Payload: Address 7.0.0.2, Protocol 0, Port 0
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing notify payload
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, QM IsRekeyed old sa not found by addr
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Skipping dynamic map DYNMAP sequence 10: access-list mismatch.
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 7.1.0.2/255.255.255.255/0/0 local proxy 7.0.0.2/255.255.255.255/0/0 on interface Outside
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending notify message
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing blank hash payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing qm hash payload
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=d4ee1beb) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 236
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, QM FSM error (P2 struct &0x00007fff9f9787e0, mess id 0x3af2253f)!
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE QM Responder FSM error history (struct &0x00007fff9f9787e0) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending delete/delete with reason message
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Removing peer from correlator table failed, no match!
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE SA MM:47629a55 rcv'd Terminate: state MM_ACTIVE flags 0x0001c042, refcnt 1, tuncnt 0
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE SA MM:47629a55 terminating: flags 0x0101c002, refcnt 0, tuncnt 0
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending delete/delete with reason message
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing blank hash payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing IKE delete payload
Mar 03 13:19:17 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing qm hash payload
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=c7a1c363) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Mar 03 13:19:17 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Session is being torn down. Reason: crypto map policy not found
Mar 03 13:19:17 [IKEv1]Ignoring msg to mark SA with dsID 204800 dead because SA deleted
Mar 03 13:19:17 [IKEv1]IP = 7.1.0.2, Received encrypted packet with no matching SA, dropping
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing SA payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Oakley proposal is acceptable
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received NAT-Traversal ver 02 VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received NAT-Traversal ver 03 VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received NAT-Traversal RFC VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received Fragmentation VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing IKE SA payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 2
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing ISAKMP SA payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Traversal VID ver RFC payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing Fragmentation VID + extended capabilities payload
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing ke payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing ISA_KE payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing nonce payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received Cisco Unity client VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received xauth V6 VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Processing VPN3000/ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Received Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing NAT-Discovery payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, processing NAT-Discovery payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing ke payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing nonce payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing Cisco Unity VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing xauth V6 VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Send IOS VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Discovery payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, constructing NAT-Discovery payload
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, computing NAT Discovery hash
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, Connection landed on tunnel_group DefaultL2LGroup
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Generating keys for Responder...
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:19:47 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.1.0.2
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing hash payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Computing hash for ISAKMP
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Processing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing VID payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Received DPD VID
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, Connection landed on tunnel_group DefaultL2LGroup
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing ID payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing hash payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Computing hash for ISAKMP
Mar 03 13:19:47 [IKEv1 DEBUG]IP = 7.1.0.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing dpd vid payload
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, PHASE 1 COMPLETED
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, Keep-alive type for this connection: DPD
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, Starting P1 rekey timer: 24480 seconds.
Mar 03 13:19:47 [IKEv1 DECODE]IP = 7.1.0.2, IKE Responder starting QM: msg id = 3383044c
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE RECEIVED Message (msgid=3383044c) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 184
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing hash payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing SA payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing nonce payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:19:47 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.1.0.2
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Received remote Proxy Host data in ID Payload: Address 7.1.0.2, Protocol 0, Port 0
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing ID payload
Mar 03 13:19:47 [IKEv1 DECODE]Group = DefaultL2LGroup, IP = 7.1.0.2, ID_IPV4_ADDR ID received
7.0.0.2
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Received local Proxy Host data in ID Payload: Address 7.0.0.2, Protocol 0, Port 0
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, processing notify payload
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, QM IsRekeyed old sa not found by addr
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Skipping dynamic map DYNMAP sequence 10: access-list mismatch.
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 7.1.0.2/255.255.255.255/0/0 local proxy 7.0.0.2/255.255.255.255/0/0 on interface Outside
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending notify message
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing blank hash payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing qm hash payload
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=f717942f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 236
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, QM FSM error (P2 struct &0x00007fff9f9787e0, mess id 0x3383044c)!
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE QM Responder FSM error history (struct &0x00007fff9f9787e0) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending delete/delete with reason message
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Removing peer from correlator table failed, no match!
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE SA MM:74a1793f rcv'd Terminate: state MM_ACTIVE flags 0x0001c042, refcnt 1, tuncnt 0
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, IKE SA MM:74a1793f terminating: flags 0x0101c002, refcnt 0, tuncnt 0
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, sending delete/delete with reason message
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing blank hash payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing IKE delete payload
Mar 03 13:19:47 [IKEv1 DEBUG]Group = DefaultL2LGroup, IP = 7.1.0.2, constructing qm hash payload
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, IKE_DECODE SENDING Message (msgid=883e1938) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Mar 03 13:19:47 [IKEv1]Group = DefaultL2LGroup, IP = 7.1.0.2, Session is being torn down. Reason: crypto map policy not found
Mar 03 13:19:47 [IKEv1]Ignoring msg to mark SA with dsID 208896 dead because SA deleted
Mar 03 13:19:47 [IKEv1]IP = 7.1.0.2, Received encrypted packet with no matching SA, dropping
ASA1# undebug all
ASA1#
ASA2#
ASA2#
ASA2# debug crypto isakmp 127
ASA2# Mar 03 08:58:34 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE Initiator: New Phase 1, Intf Outside, IKE Peer 7.0.0.2 local Proxy Address 7.1.0.2, remote Proxy Address 7.0.0.2, Crypto map (HQ2REMOTE)
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing ISAKMP SA payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing NAT-Traversal VID ver 02 payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing NAT-Traversal VID ver 03 payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing NAT-Traversal VID ver RFC payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing Fragmentation VID + extended capabilities payload
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing SA payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Oakley proposal is acceptable
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Received NAT-Traversal RFC VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Received Fragmentation VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing ke payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing nonce payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing Cisco Unity VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing xauth V6 VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Send IOS VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing NAT-Discovery payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, computing NAT Discovery hash
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, constructing NAT-Discovery payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, computing NAT Discovery hash
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 296
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing ke payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing ISA_KE payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing nonce payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Received Cisco Unity client VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Received xauth V6 VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Processing VPN3000/ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Received Altiga/Cisco VPN3000/Cisco ASA GW VID
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, processing NAT-Discovery payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, computing NAT Discovery hash
Mar 03 08:58:34 [IKEv1 DEBUG]
ASA2# : IP = 7.0.0.2, processing NAT-Discovery payload
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, computing NAT Discovery hash
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, Connection landed on tunnel_group 7.0.0.2
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Generating keys for Initiator...
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing ID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing hash payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Computing hash for ISAKMP
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing dpd vid payload
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 08:58:34 [IKEv1]: Group = 7.0.0.2, IP = 7.0.0.2, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 92
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing ID payload
Mar 03 08:58:34 [IKEv1 DECODE]: Group = 7.0.0.2, IP = 7.0.0.2, ID_IPV4_ADDR ID received
7.0.0.2
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing hash payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Computing hash for ISAKMP
Mar 03 08:58:34 [IKEv1 DEBUG]: IP = 7.0.0.2, Processing IOS keep alive payload: proposal=32767/32767 sec.
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing VID payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Received DPD VID
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, Connection landed on tunnel_group 7.0.0.2
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Oakley begin quick mode
Mar 03 08:58:34 [IKEv1 DECODE]: Group = 7.0.0.2, IP = 7.0.0.2, IKE Initiator starting QM: msg id = ea585f90
Mar 03 08:58:34 [IKEv1]: Group = 7.0.0.2, IP = 7.0.0.2, PHASE 1 COMPLETED
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, Keep-alive type for this connection: DPD
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Starting P1 rekey timer: 27360 seconds.
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, IKE got SPI from key engine: SPI = 0xe5aab4b5
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, oakley constucting quick mode
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing blank hash payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing IPSec SA payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing IPSec nonce payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing proxy ID
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, Transmitting Proxy Id:
Local host: 7.1.0.2 Protocol 0 Port 0
Remote host: 7.0.0.2 Protocol 0 Port 0
Mar 03 08:58:34 [IKEv1 DECODE]: Group = 7.0.0.2, IP = 7.0.0.2, IKE Initiator sending Initial Contact
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing qm hash payload
Mar 03 08:58:34 [IKEv1 DECODE]: Group = 7.0.0.2, IP = 7.0.0.2, IKE Initiator sending 1st QM pkt: msg id = ea585f90
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE SENDING Message (msgid=ea585f90) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 184
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE RECEIVED Message (msgid=602db3a7) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 236
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing hash payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing notify payload
Mar 03 08:58:34 [IKEv1]: Group = 7.0.0.2, IP = 7.0.0.2, Received non-routine Notify message: Invalid ID info (18)
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE RECEIVED Message (msgid=29ddd81f) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing hash payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, processing delete
Mar 03 08:58:34 [IKEv1]: Group = 7.0.0.2, IP = 7.0.0.2, Connection terminated for peer 7.0.0.2. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, sending delete/delete with reason message
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing blank hash payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing IPSec delete payload
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, constructing qm hash payload
Mar 03 08:58:34 [IKEv1]: IP = 7.0.0.2, IKE_DECODE SENDING Message (msgid=2a8b25a9) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 64
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, IKE Deleting SA: Remote Proxy 7.0.0.2, Local Proxy 7.1.0.2
Mar 03 08:58:34 [IKEv1]: Group = 7.0.0.2, IP = 7.0.0.2, Removing peer from correlator table failed, no match!
Mar 03 08:58:34 [IKEv1 DEBUG]: Group = 7.0.0.2, IP = 7.0.0.2, IKE SA MM:7362cee8 terminating: flags 0x0100c822, refcnt 0, tuncnt 0
Mar 03 08:58:34 [IKEv1]: Group = 7.0.0.2, IP = 7.0.0.2, Session is being torn down. Reason: User Requested
Mar 03 08:58:34 [IKEv1]: Ignoring msg to mark SA with dsID 217088 dead because SA deleted
Mar 03 08:58:34 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xe5aab4b5
ASA2# undebug all
ASA2#
Thanks,
Ken
Similar Messages
-
Is there a way to create a heading with shading behind the text and thin lines above and below?
I'm working with InDesign CS6, Windows 7.
Is there a way, using paragraph rules, to create a heading with shading behind the text and thin lines above and below the text?
I'd like to create headings that look like these:
Thank you!I have a document where I almost do such, but without the fill. I use a Head Style which Spans Columns for this instance; it allows the haeds to flow and fill the width.
Paragraph Rules above and below are turned on with plenty of offset.
I tweaked my setting to accomodate your need - It required only one instance, not above and below, and changing the stroke to a double stroke.
It may be necessary to create a custom stroke to modify the proportion of stroke vs fill. There is a difference of thin-thin and thick-thick, neither of which seemed perfect but might be dependent on the Character height.
Creating custom strokes is accomplished via the Strokes Panel. -
TS1627 iCal on my MacBook Pro won't sync with iCal on the iPhone and visa versa
Just got a new iPhone 5 and now iCal on my MacBook Pro won't sync with iCal on the iPhone and visa versa
Hi Jetjuice!
I have an article that can help you troubleshoot this issue a little further and can provide you with some more steps to take in attempting to resolve this issue:
Sync Services: Advanced troubleshooting for contact and calendar syncing
http://support.apple.com/kb/ts2481
That article has an extensive list of steps to perform in attempting to get the calendar to sync again, and those steps should help you resolve the issue. Thanks for using the Apple Support Communities!
Cheers,
Braden -
i have a problem with mail. the spelling and grammer check box before sending the messege is no longer there. I did everything but cannot get it back. is ther anyone who knows how to get the box with spelling and grammer checks before sending the mail.
Also the mail is acting very funny by not getting the rules work in a proper method. Is ther a software to repair mail.i did both of them, but still the while sending the mail the diolog box is not showing up and also the spelling and grammer does not do the spelling check.
This problem just started for about 3 to 4 days now. earlier it was working normally. -
Hello, I'm using Mac with the newest operating system (snow leopard 10.6.7). since I've updated to Firefox 4 It doesn't display Hebrew fonts… I didn't have any problems with it before the upgrade and in safari I have no problem with it. please help me- I don't like to use safari a my browser...
elly903 wrote:
Before commenting - I CANNOT install Mavericks because it'll mess up the versions of Filemaker Pro and Quicken that I use regularly...
Quicken 2007 for Intel (Snow Leopard, Lion, Mt. Lion and Mavericks) for $15:
http://quicken.intuit.com/personal-finance-software/quicken-2007-osx-lion.jsp
It will input your Quicken PPC data file directly if it was Quicken 2005 through 2007. If older you need Quicken 2006 or 2007 PPC first to convert your data file; and this update must be done BEFORE you upgrade to Mavericks:
http://quicken.intuit.com/support/help/patching/quicken-2006-manual-updates--mac -/GEN82200.html
Filemaker Pro PPC (in this case 7) running in Snow Leopard Server installed into Parallels for use in Lion, Mt. Lion and Mavericks:
[click on image to enlarge]
Snow Leopard Server: 1.800.MYAPPLE (1.800.692.7753) - Apple Part Number: MC588Z/A (telephone orders only)
This solution allows you to run your Photoshop Elements in Mavericks concurrently with Filemaker Pro PPC. Mavericks is a free download. -
When I open a file it normally opens in 12.5% stated on the header. For some reason, it now opens with 100+% on the header and is much smaller in size. How do I go back to the first option I noted? I use AP to work on blueprints for measuring so the accuracy matters. Any direction would be greatly appreciated. Thank you.
Are the image all the same size the % files open into a document seems to vary with the number of pixels the image being opened has. Check the Image size.
-
my host name changes every few days, since Xmas adding a macbook its changed 6 times. Do I need to stop this? Does it cause problems with sharing between the iMac and macbook?
There are several possible causes for this problem.
1. Two (or more) computers on the local network have the same Bonjour name, such as "X's-MacBook-Pro.local".
2. You have two simultaneous connections to the same local network: probably Ethernet and Wi-Fi. If applicable, disconnect the Ethernet cable or turn off Wi-Fi.
3. A Mac wakes from sleep due to network traffic. This is due to a bug in OS X that may only affect some models.
4. A device that gets its network address from the router wakes from sleep, and the address it was using before has been assigned to another device.
5. A third-party wireless router has incompatible settings or firmware. In that case, refer to the manufacturer or ISP for support. Restarting the router may help, temporarily.
6. See also this support article.
Rename the computer in the Sharing preference pane. -
Went with Verizon because the rep and Verizon's coverage map showed strong 4G LTE signal at my address. Got home and discovered that the signal is nowhere near what I was shown. People have said that they contacted Verizon and received signal boosters and I was wondering if anyone had knowledge of this?
jslack73,
Thank you so much for those details. I do see that the area should have pretty good coverage. Since you have been at home have you been able to remove the sim card for a good 10-15 seconds http://vz.to/1ys6Uj0? Also, please try resetting the network settings on the phone. You can do that by going into Settings, General, Reset, and Reset Network Settings. After this is complete you would need to re-add in your wi-fi passwords. Please keep us posted.
KevinR_VZW
Follow us on Twitter @VZWSupport -
Get message "loaded with errors on the target and was closed" but there are no errors in the vi.
Hi,
Attached image shows the error message which i receive when I try to run my vi. "vi loaded with errors on the target and was closed"
The vi has no errors as far as I can see and hasn't changed since I ran it a few days ago and it functioned fine. other vi's in the project run without any issue.
Any guidance to find the issue would be greatly appreciated!
Thanks,
Conor
Attachments:
Labview error.JPG 43 KBSome tips:
1. Try to recompile the VI which is "loaded broken" (ctrl+click on Run arrow). Deploy.
2. Try to recompile this VI and its dependencies (ctrl+shift+click on Run arrow). Deploy.
3. Try to recompile top-level VI and its dependencies. Deploy.
4. Change something in "loaded broken" VI (add some code, like reversing array back and forth, just to make LV recompile it). Deploy.
5. Close the project. Restart RIO. Open project. Deploy.
6. Close LabVIEW. Restart computer. Restart RIO. Open project. Deploy.
7. Take another computer. Deploy from it.
8. Close project. Clear compiled object cache (menu Tools -> Advanced -> Clear compiled object cache...). Open project. Wait until LV will open/recompile it. Deploy.
9. Do as 7, but in the meantime reformat RIO from MAX. Open project. Deploy.
10. Contact NI Support. Send them your project. Make them Deploy it.
The fun starts when you have project which deploys for 30 minutes... Usually I skip straight to step 8 then, and usually it helps. -
The accursed little dark gray ball with white in the center and white arrows, either two or four, which seize control of the screen and move the text or pictures up, down, left, right and can be stopped only by finding the ball and clicking it. I want to stop the thing permanently. Firefox 3.6 and 3.64
== This happened ==
Every time Firefox opened
== with 3.60The accursed little dark gray ball with white in the center and white arrows, either two or four, which seize control of the screen and move the text or pictures up, down, left, right and can be stopped only by finding the ball and clicking it. I want to stop the thing permanently. Firefox 3.6 and 3.64
== This happened ==
Every time Firefox opened
== with 3.60 -
Hi, I had bought an iPhone 4s 3 days ago & unfortunately it's been stolen at the day only,So it's a unregistered,seal peace only. What I have with me is the bill and on that the IMEI no of the iPhone. Is there any way to track it or getting information.
Please help me out of this,,,,,....No, there is nothing you can do if you had not setup Find my iPhone on it.
The bill and IMEI are useless for tracking a phone. -
Today, I experienced a problem with my mail. the time and date on each email received and sent is 18.06 and date as 22nd July. Thank you John
Incorrect date or time displayed in various applications
-
.vi loaded with errors on the target and was closed
When I intend to run my RT (communicating with an FPGA on a cRIO) it only runs one time. The second trial leads to the following error:
NI_AALBase.lvlibine Wave.vi loaded with errors on the target and was closed.
LabVIEW: Failed to load shared library lvanlys.*ineWaveCIN:C on RT target device.
After reseting the FPGA and Labview it runs again, but also only for one time.
Thanks for solutions!
Thomas VoglError 'found'.
Process (one day working on it!):
1- 'Disabled' .vi cutting it into small pieces.
2- Locate code that provokes 'not defined error' by enabling and running.
3- Finally located.
My case:
I've designed a communication system. To send data uses a PDU containing a 'variant' and 'ring'. This ring indicates type of data to convert variant with necessary typedef. The system defines 4 default msgs on ring (NULL, ACK, NACK, PING).
The receptor works well, but as I have a lot of data types, I need a case structure. (rings do not work with case at least on 2011) Then I do next thing:
Explicit cast to a typedef enum with all my data values... (This system is designed for our purposes and could not be the better solution)
... UNDEFINED ERROR ON PXI ...
Solution:
Instead using explicit typecast use "coercion dot" casting. Like here.
I receive an U16 data that PXI cast to my enum on 'data out' indicator (you can't see coercion dot because pink and red are 'very different' colors)
No more errors.
Conclusions:
Labview has issues working with explicit type-casting to enums. I can't work more on it, but is necessary to debug this kind of issues because can affect projects at last steps of the development and drives LVdevelopers crazy.
The only think I do with the enumeration is to add new element and all the system fails...
Thank you for your reply Schmitz!
I hope that this information could help somebody that in the future needs to investigate how LV works... xD
Probably this is not the only issue related with ".vi loaded with errors on the target" (known as the "well defined error").
Cheers -
Security concerns in a Corp Environment with introducing of the iPhone????
Hello,
We are a Microsoft Environment that presently supports the Blackberry on a BES Server connecting to our MS Exchange.
Been ask to test the iPhone 3Gs in our Environment. So far so good...
My only concern is the Data on our clients devices and if they connect to a WiFi spot, will their data be safe??? Worried that it may viewed somehow buy someone...
Should this be a concern??? Is there docs showing how to prevent any sort of Hacking of the device by a third party? Special steps to help users to protect iPhone Data?
thanks
Michaelhttp://www.apple.com/iphone/business/integration/
http://images.apple.com/iphone/business/docs/iPhoneSecurityOverview.pdf -
Unable to close open apps with double clicking the button and when I tap screen does not respond?
Cannot not close open apps with double clicking the button Since downloading iOS8.
What happens when you try? Does double clicking the ?home button bring up the Task Bar of recently used apps? If so what happens when you flick up on the preview screen for the app you want to close?
To quit an app double click the Home button to reveal the row of recently used apps. Flick up on the page preview and it will fly away and disappear. That quits the app.
Maybe you are looking for
-
I HAVE COMPLETED SEVERAL IMOVIES AND FINALIZED JUST FINE. NOW I GET THE FOLLOWING MESSAGE FROM MY LATEST PROJECT. "The project could not be prepared for publishing because an error occurred. (File already open with write permission)"! What is goi
-
Where is the java root in BI EE ?
hello every body. I have changed the java version and install java 5.0 update 10, because I had problems with the update 15 one. I want to make the change work with BI EE, but I forgot the file system of BI EE where the root of java is placed !!! Can
-
IE02 services for object- How to collective list attachment by many equip?
Hi all, IE01/IE02 i create attachment by services for object for equipment. But I want to collective list attachment by equipment, not by individual equip to display. How to do that? or which table can i find the info? thanks a lot
-
Dates in MD04 not matching with dat00 field of structure MDTBX
Hi, I am trying to populate MDTBX structure using DTNUM field of MDKP as follows. "IMPORT mdtbx FROM DATABASE mdtc(ar) ID wa_mdkp-dtnum". Now the DATOO field of MDTBX will be same as dates in MD04 for a material , plant and a Vendor. But for som
-
Working with OracleDataAdapter
Hi,( new to .NET Environment ) 1) When tables are dragged from oracle explorer of vs2005, it creates adapter,connection and a dataset( for a single table). if another table dragged another dataset created and so on. Is there is any way to have all th