HungryHouse
Vendor
ASAs are 5505 running version 8.2.5 - attempting to establish a Lan2Lan IPSec VPN tunnel.
Has anyone ever seen duplicate ISAKMP SAs to the same peer?
I debugged the isakmp proposals and continue to receive
"Duplicate Phase 1 packet detected. Retransmitting last packet.
Mar 13 22:36:02 [IKEv1]: Group = 172.16.104.2, IP = 172.16.104.2, P1 Retransmit
msg dispatched to MM FSM"
Phase 1 never truly shows complete... here is what I see for the status of the SAs:
"1 IKE Peer: 172.16.104.2
Type : L2L Role : responder
Rekey : no State : MM_WAIT_MSG5
Encrypt : aes-256 Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 2147061470
2 IKE Peer: 172.16.104.2
Type : L2L Role : responder
Rekey : no State : MM_WAIT_MSG5
Encrypt : aes-256 Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 2147061470"
Notice the EXACT same lifetimes! Bizarre? Has anyone seen this before? Note the states are not ACTIVE yet.
I would normally just move on and troubleshoot here for ONE incomplete SA (I am going to check that the PSKs and lifetimes are the same, etc.), but why in the world would we have duplicate SAs??
Thanks,
HH
Real trouble call:
Customer: "I have a huge problem. A friend has put a screensaver on my computer, but every time I move the mouse, it disappears!"