Cisco VPN :: 5540 Duplicate Phase Packet Detected

Feb 27, 2011

I have a little problem with a Easy VPN, this is the topology:
 
-One router 2811: This is the Easy-client (Who has a ip address by dhcp)

-One ASA 5540: This is the Easy-server

View 11 Replies


ADVERTISEMENT

Cisco VPN :: ASA-5520 Logs 713201 Duplicate Phase 2 Packet Detected

Feb 8, 2012

Got a classical remote access vpn with Cisco VPN Client and ASA-5520, Some weeks ago I noticed in my ASA logs this severity 5 Message. Group = xyz, Username = abc, IP = 84.n.n.n, Duplicate Phase 2  packet detected. No last packet to retransmit. This message comes with every connect, but then connections works fine.

Remark: See ASA ADSM:

- 1. Duplicated Phase II (!!)
- 2. Phase I
- 3. Phase II

View 4 Replies View Related

Cisco WAN :: 3945 - Looping Packet Detected And Dropped

Aug 11, 2012

IOS : c3900e-universalk9-mz.SPA.151-1.T.bin
Router: Cisco 3945
 
We are getting error msgs :
 
Aug 13 06:26:57: %TRACKING-5-STATE: 50 ip sla 50 reachability Up->DownAug 13 06:26:58: %TRACKING-5-STATE: 55 list boolean and Up->DownAug 13 06:26:58: %IP-3-LOOPPAK: Looping packet detected and dropped -Aug 13 06:27:12: %TRACKING-5-STATE: 50 ip sla 50 reachability Down->UpAug 13 06:27:13: %TRACKING-5-STATE: 55 list boolean and Down->Up
Aug 13 06:32:57: %TRACKING-5-STATE: 50 ip sla 50 reachability Up->DownAug 13 06:32:58: %TRACKING-5-STATE: 55 list boolean and Up->DownAug 13 06:32:58: %IP-3-LOOPPAK: Looping packet detected and dropped -Aug 13 06:33:12: %TRACKING-5-STATE: 50 ip sla 50 reachability Down->UpAug 13 06:33:13: %TRACKING-5-STATE: 55 list boolean and Down->Up

View 5 Replies View Related

Cisco VPN :: 876 Phase 2 SA Policy Not Acceptable

Oct 16, 2012

I want to setup a vpn tunnel from a Cisco VPN Client in the internet over a fritzbox to the Cisco 876 (Version 15.1(4)M3) so that the vpn tunnel terminates at the Cisco 876.For that reason I used the command "crypto map mymap" on the int fastethernet 1. When I try to connect, the VPN Client opens the window for username and password but then ends with the message "not connected". When I do "debug crypto isakmp" the Cisco 876 shows the message: "phase 2 SA policy not acceptable!". [code]

View 3 Replies View Related

Cisco WAN :: Will 3945 Work On 208 V Single Phase

Mar 12, 2013

Will the 3945 router work on 208 V single phase (line to line)?  I know it mentions 100-240 VAC, but would the line-to-line issue cause a problem?

View 1 Replies View Related

To Find A Pass Phase Number

Jul 24, 2011

How to do the above thing.

View 3 Replies View Related

Cisco VPN :: ASA5510 To 2951 - Phase 2 Failures With 10.x Subnets

Apr 25, 2013

I have a site to site ipsec tunnel setup between an ASA5510 and a 2951 Router. The ASA 5510 is on a 10.x subnet with a few vlans behind it. There are also 7 other ASA5505 that connect to this box with ipsec.
 
The 2951 is on a 10.x subnet with multiple vlans behind it (10.x and 192.x subnets).
 
When I had ACL to allow traffic from 10.20.0.0 (ASA) to 192.168.111.0 (2951 - voice vlan) the connection comes online and is stable.
 
The minute I add any of the following, the connection drops off with Phase 2 errors: 10.20.0.0 to 10.1.200.0 10.20.1.0 to 10.1.1.0
 
I can add a second 10.20.0.0 to 192.168.10.0 with no problem at all. The issue only seems to occur when attempting to add traffic from 10 to 10 on the tunnel.

View 2 Replies View Related

Cisco VPN :: ASA 5580 Random (Phase 2 Rekey Collision)

Feb 25, 2013

Configuration is simple, from one side ASA 5580 with soft asa844-5-smp-k8.bin, from another side: ASA 5520 with asa845-k8.bin. Between them is builded IPsec LAN-to-LAN.Usually it works fine, but:    In random time I can get  error in logs something like that on ASA 5520:   %ASA-5-713904: Group = x.x.x.200, IP = x.x.x.200, Phase 2 rekey collision, found centry 0x6cec9d28 or on ASA 5580:   %ASA-5-713904: Group = x.x.x.234, IP = x.x.x.234, Phase 2 rekey collision, found centry 0x00007ffe782dfa60 The main problem that if this error is occured on 5520 - all continues to work (only this message is appear in log).
 
If this problem occured on 5580 - tunnel stopped his work. One thing that works - it is drop crypto SA (clear crypto ikev1 sa x.x.x.234), after that tunnel reinitialized and all starts work again. As far as I know, this problem was on 5520 to version 8.4.2 and was solved in 8.4.3. But, as you see, in version for 5580 (-smp) this bug is still present in newer versions.

View 2 Replies View Related

Cisco VPN :: 7600 - Cannot Successfully Negotiate ISAKMP Phase 1

Apr 22, 2012

I am trying to set up a site to site VPN tunnel using GRE over IPSEC. Below is the configuration from both routers and debug output. I'm scratching my head on this one. I'm using two Cisco 7600 routers with  SSC-400 SPA modules and 720 Supervisors. The IOS on R1 is 12.2 SXI2 and R2 has 12.2 SXI3.

View 1 Replies View Related

Cisco VPN :: 831 - Phase 1 And 2 Complete But Limited Network Access

Aug 5, 2012

I am configuring VPN on an 831 rotuer using a dynamic-map configuration. I can connect to the network and I can see phase 1 and 2 complete from the debugs however from what I can tell I can only ping across the VPN. I can't connect to and web services or RDP to any hosts on the local network. Here is a copy of my config.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers

[code]....

View 6 Replies View Related

Cisco VPN :: ASA 5520 / VPN Phase 2 Complete But LAN Traffic Doesn't Pass

Aug 6, 2011

Just setup a site to site vpn between 2 ASA 5520 Firewalls in two locations but vpn doesn't work even though i see phase 2 completed on the logs. I can't ping across the LANs.

View 2 Replies View Related

Cisco Switching/Routing :: ASR 1001 - IKE Phase 2 SA Expires Immediately

Dec 11, 2012

I am migration an IPsec site to site VPN config to a new ASR1001 router «facing» a Linux box (ipsec-tools + racoon). As the Debian Linux does not offer VTI, I am using a crypto map.
 
The working config is given below with the corresponding logs on the Linux side.
 
When I try to apply this previously working config to the ASR1001, I get the following error :
 
000855: *Dec 12 18:28:21.859 UTC: %ACE-3-TRANSERR: IOSXE-ESP(14): IKEA trans 0x1350; opcode 0x60; param 0x2EE; error 0x5; retry cnt 0
 
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: initiate new phase 1 negotiation: 194.214.196.2[500]<=>130.120.124.8[500]
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: begin Identity Protection mode.
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: DPD
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt(code)

View 8 Replies View Related

Cisco VPN :: ASA5505 Phase 1 And 2 Are Completed But Windows Client Doesn't Work

Dec 12, 2010

i tried to configured L2TP connection on ASA5505.Phase 1 and Phase 2 are completed but Windows Client doesn't work. [code]

View 4 Replies View Related

Cisco VPN :: 3000 Network Address Is Allowed Down Tunnel / Check Phase 2 IPSEC Proposal

Nov 4, 2012

I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?

View 3 Replies View Related

Cisco Switching/Routing :: 3phase Or Single Phase Wiring For Nexus 7010 Power Supplies

Jul 26, 2010

We just purchased a Nexus 7010 switch and we are at a stand still with our COLO trying to figure out what power source should be provided.  APC recommends a 50amp 3phase vertical cabinet PDU (AP7867).  What type of power sourcereakers will be sufficient in handling the Nexus 7k /w (3) power supplies?  Do the COLO need to provide single phase or 3 phase power recepticals?

View 7 Replies View Related

Cisco :: (Duplicate TCP SYN From Inside)

Nov 8, 2011

I'm seeing a TON of traffic in my ASA logs (via ASDM) indicating the following:"Duplicate TCP SYN from inside: (valid internal address of one of our laptops)/50164 to inside: (address on our other subnet, still trying to trace it)/9100 with different initial sequence number"This looks like an attack to me, likely someone's downloaded something they shouldn't have and got an infected laptop. Why it's trying to "call home" to something inside our network is what puzzles me, though.Is there any VALID reason I would see these sort of messages in my log?

View 3 Replies View Related

Cisco :: LMS 4.2 Duplicate Events With Different Component Name

Apr 16, 2012

We have LMS 4.2 installed and added devices;Now if for example a device is not reachable we get two messages with same failure ;only the component name is different  

-     one event with "dns" in component name
-     one with "dns(ip)"  in component name
 dns == hostname

View 4 Replies View Related

Duplicate Name Exists Even After Changing Name

Aug 29, 2012

Everyday a few of the computer will error with "A duplicate name exists on the network:" A quick Google search shows the same answer EVERYWHERE on the internet. So I changed the names of a few of the computers too something I knew was unique. Still though the problem persists/ it afters the two XP bases computers the most, but my main workstations (windows 7 sp1) has had this error a few times, although it appears to have left for a while. I have a feenas server but Active directory is not turned on.My router is a e4200. I was using DHCP server on there (and would very much still like to) although I have turning it off, rebooted both the router and the computers but to no avail.

View 19 Replies View Related

Warning - Got Duplicate TCP Line

Feb 20, 2011

I'm running web server on Linux Redhat when i run

# /etc/init.d/tomcat status

I got a number of lines:

warning, got duplicate tcp line
warning, got duplicate tcp line
warning, got duplicate tcp line
warning, got duplicate tcp line

Tomcat running in normal mode Also , I can see that Tomcat unstability makes some strange behaviour in the system overall.

View 3 Replies View Related

Laptop Says Duplicate Ip Address?

Apr 29, 2012

I have tried changing adapter settings, did the ipconfig /release, renew and still no luck.

View 1 Replies View Related

Cisco WAN :: Duplicate License Error On 861 Router

Apr 3, 2011

I am installing a advance ip service licnese on cisco 861 router but it gives the following error message
 
Router#license install flash:FCZ143294BM_20110221232946625.licInstalling licenses from "flash:FCZ143294BM_20110221232946625.lic"Installing...Feature:advsecurity...Failed:% Error: Duplicate licenseInstalling...Feature:advipservices...Failed:% Error: Duplicate license0/2 licenses were successfully installed2/2 licenses were existing licenses0/2 licenses were failed to install
Router#
 
Also show ver shows the following
 
License Information for 'c860-data'    License Level: advsecurity   Type: Permanent    Next reboot license Level: advsecurity

View 1 Replies View Related

Cisco Wireless :: Different Duplicate IP Messages In 2504?

May 26, 2013

My customer is seeing these Errors coming up on one of his 2504 WLC's (ver7.3) The MAC's and IP addresses Mentioned seem to be completely fictitious as the customers IP plan is way off these subnets and the vendor lookup tool cant resolve the MAC addresses.I can confirm that there is no conflict.I've seen them appear on other 2504's across his network on seperate occasions.

View 4 Replies View Related

Cisco Firewall :: Duplicate ARP Entry With ASA 5510

Jul 17, 2012

I am having peculiar issue in my setup. I recently replaced my ASA 5505 (8.2.1) with ASA 5510 (8.4.3). Everything works fine for a while suddenly I see some of the servers will not be reachable from the LAN all the servers gateway is my switch. If I check on my Dell switch the particular server's arp entry on the connected port  is same as ASA physicall MAC. If im reverting to 5505 ASA everything goes smooth without any issue.

View 6 Replies View Related

Cisco Firewall :: Duplicate Rules On ASA5585

Oct 17, 2012

I got some issues with my CISCO ASA, the thing is that when I add a new rule on the device this rule duplicate and goes to the bottom. We already tried to delete the duplicate rule but it always show an error.
 
-Model 5585
-ASA Version: 8.2(5)
-ASDM version: 6.4(5)

View 5 Replies View Related

ARP Behavior In Case Of Duplicate IP Addresses In Same LAN

Aug 24, 2012

In case I configure duplicate IP addresses to the same VLAN(two interfaces in VLAN 1100 have IP address 192.168.2.2) I see following ARP messages rapidly(those six messages were received in less than 2ms time-frame)

View 2 Replies View Related

Cisco Wireless :: 5508 Duplicate Client IP Address

Dec 1, 2012

I am using 2 anchor controllers 5508 as DHCP server. Anchor controller A is primary and anchor controller B is secondary. From time to time, client will complain "duplicate IP address error" when they try to connect guest wireless.First question: both anchor controller should have a recorder of IP address which is assigned to each PC, right?Second question: is there any way this type of issue can be avoided?

View 3 Replies View Related

Cisco Switching/Routing :: 3750X Duplicate IP Error

Apr 9, 2012

I have just moved to the 3750X switch and have connected it to a 6509E. From the beginning I was having OSPF encryption errors, followed by flood warnings, LSA issue's, duplicate IP's which is baffling me.

There are no IP's which match on either switch however the 3750X was continually power recycling causing the interfaces drop continually.Even after disconnecting from the 6509 the 3750X continue to behave in the same manner. Could there be some issue with this switch?

View 6 Replies View Related

Cisco Wireless :: Cat4500 / Duplicate IP Address On Vlan?

Feb 18, 2009

I am getting the following error messge on Cat4500:
 
Feb 18 23:37:53.098: %IP-4-DUPADDR: Duplicate address 10.237.66.3 on Vlan601, sourced by 001d.096b.4858
Feb 18 23:38:58.092: %IP-4-DUPADDR: Duplicate address 10.237.66.3 on Vlan601, sourced by 001d.096b.47ed

View 9 Replies View Related

Cisco Wireless :: WAP4410N - Duplicate IPs When Repeating Signal

Mar 17, 2010

First here is our network breakdown
 
8 Windows 2008 Servers - UN effected
5 Windows 2003 Servers - effected with dupe IP's

We have AP - A, B and C all configured static and outside of our DHCP scope

A - 104.240
B - 104.241
C - 104.242
 
WAP A is setup to allow the Mac's of A and B to repeat its signal. The issue starts about 1-2 minutes after I set B and C to client/repeater and select A in site survey then save the settings.  Obviously its weird that only our 2003 servers are getting this error.  
 
The system detected an address conflict for IP address 192.168.105.201 with the system having network hardware address *MAC ADDRESS OF ROUTER A*. Network operations on this system may be disrupted as a result.

View 1 Replies View Related

Cisco Switching/Routing :: 6509 - Duplicate Router ID?

Mar 19, 2012

I have a duplicate router ID problem that is confusing to me.  A 6509 and 4510 swich both show the same router ID, but only the 6500 has the router ID IP address configured in it. We are running EIGPR.  The 6509 has L0 as 164.72.239.1 configured, which is it's router ID. The 4510 doesn't have 164.72.239.1 configured on it, yet that's what it's router ID is.  Below are a few show commands displaying this - and as you can see from the 'show run | include 239' from the 4510 there is no 164.72.239.1 configured on it:
 
6509 chassis
 
interface Loopback0ip address 164.72.239.1 255.255.255.255end
RS6509-Core-A#sh ip eigrp topIP-EIGRP Topology Table for AS(1)/ID(164.72.239.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,       r - reply Status, s -

[Code].....

why the 4510 has that router ID?
 
I know I can configure a different router ID on the 4510, but I'm curious as to why it is the way it is.

View 3 Replies View Related

Wireless :: Duplicate Name Exists On Network Error?

Feb 10, 2011

Using windows xp. how do i find and delete network name?

View 1 Replies View Related

Cisco Switching/Routing :: Duplicate IP Address Catalyst 2960?

Mar 14, 2013

I have two 2960's in this new environment that I am administering. I am receiving a message on one unit (Designate it 2960-2) of %IP-4-DUPADDR: Duplicate address 192.168.168.8 on Vlan1, sourced by 3037.a63e.540. The "sourced by" address is the 2960-1. I do not know how these units were originally set up. How can I determine where the duplicate address is originating from.When I perform an ARP -a the address that corresponds to the 192.168.168.8 is the mac address of the ethersvi interface on the 2960-1. I

View 3 Replies View Related

Cisco :: LMS 4.0.1 - Duplicate IP Address Caused By ACE Active / Standby Setup?

Dec 17, 2011

I am using LMS 4.0.1 to monitor the data center network devices. I have two core switches, each core switch has an ACE module installed on it. I have configured many virtual context on each ACE module, and these ACE contexts are acting as primary and standby roles. The problem i faced with is LMS reports the virtual ip address configured on each ace context as duplicate ip address, and i didn't know how to deal with it. As to my understanding, this should be the normal behavior due to my setup, but how can i remove this alarm on LMS 4.0.1?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved