Cisco VPN :: ASA-5520 Logs 713201 Duplicate Phase 2 Packet Detected

Feb 8, 2012

Got a classical remote access vpn with Cisco VPN Client and ASA-5520, Some weeks ago I noticed in my ASA logs this severity 5 Message. Group = xyz, Username = abc, IP = 84.n.n.n, Duplicate Phase 2  packet detected. No last packet to retransmit. This message comes with every connect, but then connections works fine.

Remark: See ASA ADSM:

- 1. Duplicated Phase II (!!)
- 2. Phase I
- 3. Phase II

View 4 Replies


ADVERTISEMENT

Cisco VPN :: 5540 Duplicate Phase Packet Detected

Feb 27, 2011

I have a little problem with a Easy VPN, this is the topology:
 
-One router 2811: This is the Easy-client (Who has a ip address by dhcp)

-One ASA 5540: This is the Easy-server

View 11 Replies View Related

Cisco VPN :: ASA 5520 / VPN Phase 2 Complete But LAN Traffic Doesn't Pass

Aug 6, 2011

Just setup a site to site vpn between 2 ASA 5520 Firewalls in two locations but vpn doesn't work even though i see phase 2 completed on the logs. I can't ping across the LANs.

View 2 Replies View Related

Cisco WAN :: 3945 - Looping Packet Detected And Dropped

Aug 11, 2012

IOS : c3900e-universalk9-mz.SPA.151-1.T.bin
Router: Cisco 3945
 
We are getting error msgs :
 
Aug 13 06:26:57: %TRACKING-5-STATE: 50 ip sla 50 reachability Up->DownAug 13 06:26:58: %TRACKING-5-STATE: 55 list boolean and Up->DownAug 13 06:26:58: %IP-3-LOOPPAK: Looping packet detected and dropped -Aug 13 06:27:12: %TRACKING-5-STATE: 50 ip sla 50 reachability Down->UpAug 13 06:27:13: %TRACKING-5-STATE: 55 list boolean and Down->Up
Aug 13 06:32:57: %TRACKING-5-STATE: 50 ip sla 50 reachability Up->DownAug 13 06:32:58: %TRACKING-5-STATE: 55 list boolean and Up->DownAug 13 06:32:58: %IP-3-LOOPPAK: Looping packet detected and dropped -Aug 13 06:33:12: %TRACKING-5-STATE: 50 ip sla 50 reachability Down->UpAug 13 06:33:13: %TRACKING-5-STATE: 55 list boolean and Down->Up

View 5 Replies View Related

Cisco WAN :: ASA 5520 How To Get Old Logs From Router

Nov 4, 2012

I am running two ASA 5520 routers synched up with eachother. I had a massive connectivity issue this weekend that I am investigating. Now I have figured out how to get the live logging but I need to know how to get the old logs from my router.

View 4 Replies View Related

Cisco Firewall :: 5520 ASDM 6.4 And ASA Not Showing Logs

Feb 27, 2011

We’ve got lot of ASA appliances (around 30, 5505/5510/5520) and we never had this problem since the use of the new image software ASA 8.4(1) and ASDM 6.4(1). So, my problem is located on two ASA 5520 with active/passive failover with ASA image 8.4(1) and ASDM image 6.4(1).
 
My problem is that our appliance doesn’t show any logs when an ACL deny a packet, even if when I specify a specific “deny ACL” with a specific logging condition, asdm and ssh buffer logging are empty but the counters of the ACL increment.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ASA 5520 / Username Does Not Show In CLI And ACS Logs

Aug 3, 2011

Why my asa5520 brings out:

sh curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
 
while i am logging in with my username which is XXXX. And in my ACS accounting logs I cannot see which user did what.

View 2 Replies View Related

Cisco VPN :: 5520 - Incorrect TCP Session Logs For Remote VPN Users On ASA

Oct 29, 2012

I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep tracks of tcp sessions made by vpn users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed; if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all tcp session tore down when a user disconnects the VPN connection?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 Logs In RealTime Viewer Delayed

Jul 11, 2011

I have a newish instance of 5520 running.  I am seeing some odd logging issues in that the logs are significantly delayed showing up in the real time viewer.  I'll try to connect, say on remote desktop, and will not see the traffic in the viewer for up to 20 seconds or so after I'm already connected to the server.  I have not seen this before. 

View 1 Replies View Related

Cisco VPN :: ASA-5520 / Packet Capture At VPN Entry (and Exit)

Oct 20, 2011

I would like to capture packets which are going through an IPSEC tunnel. The packets originate in the appliance (syslog) and are sent to the remote via a VPN. I can see the encapsulated packets going out to the peer and I can see the ISAKMP packets to and from the peer. Because the packets originate within the appliance, they do not appear on any interface to be captured.
 
Is there some way to capture these packets before they are encapsulated?I attempted to capture packets on the asa-dataplane, but they are in a format that I cannot decode, and I cannot put a filter on the capture.
 
Hardware is ASA-5520
Software is version 8.3(2)

View 2 Replies View Related

Cisco Firewall :: 5520 - Inside Server To See Actual Outside Host Source IP In Udp Packet

Mar 3, 2013

I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server.   The server can get to outside hosts OK, and the traffic is being NATed  properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send  'announcement' UDP packets to the inside server.  I thought this might be an  outside-NAT-required issue to get the traffic routed, but I need the inside server to see the  actual outside host source IP in the UDP packet, so I basically set the  outside host up similar to the inside host, just without the NAT table on the firewall -- it's subnet is outside the  destination (inside server) subnet, and its gateway is the outside  interface of the ASA, the same way the inside server is able to get to  hosts outside.  The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
 
I have the appropriate ACL's set up, and when I do 'show access-list' I  see policy hits for the 'permit' statements where the outside host is  generating the announcement and it's hitting the ACL.  I even duplicated  the ACL into list 101 and 102, and applied 101 for inbound traffic on  the outside int, and applied 102 for outbound traffic on the inside int,  and I'm seeing policy hits on both permit statements outside and  inside, so it looks like the traffic is being passed on to the inside  interface and permitted, but the server isn't seeing the packets.
 
I can ping the outside interface from the outside, but cannot ping the  inside interface or any inside hosts from the outside, even though I  have 'permit icmp any any' enabled on the ACL on both ints. When I  remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
 
I set up the same scenario in my lab with an ASA 5505, with the same results.  Below is the running config from the 5505 in the lab.  The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
 
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
description Inside LAN Interface
nameif inside(code)

View 6 Replies View Related

Cisco VPN :: 876 Phase 2 SA Policy Not Acceptable

Oct 16, 2012

I want to setup a vpn tunnel from a Cisco VPN Client in the internet over a fritzbox to the Cisco 876 (Version 15.1(4)M3) so that the vpn tunnel terminates at the Cisco 876.For that reason I used the command "crypto map mymap" on the int fastethernet 1. When I try to connect, the VPN Client opens the window for username and password but then ends with the message "not connected". When I do "debug crypto isakmp" the Cisco 876 shows the message: "phase 2 SA policy not acceptable!". [code]

View 3 Replies View Related

Cisco WAN :: Will 3945 Work On 208 V Single Phase

Mar 12, 2013

Will the 3945 router work on 208 V single phase (line to line)?  I know it mentions 100-240 VAC, but would the line-to-line issue cause a problem?

View 1 Replies View Related

To Find A Pass Phase Number

Jul 24, 2011

How to do the above thing.

View 3 Replies View Related

Cisco VPN :: ASA5510 To 2951 - Phase 2 Failures With 10.x Subnets

Apr 25, 2013

I have a site to site ipsec tunnel setup between an ASA5510 and a 2951 Router. The ASA 5510 is on a 10.x subnet with a few vlans behind it. There are also 7 other ASA5505 that connect to this box with ipsec.
 
The 2951 is on a 10.x subnet with multiple vlans behind it (10.x and 192.x subnets).
 
When I had ACL to allow traffic from 10.20.0.0 (ASA) to 192.168.111.0 (2951 - voice vlan) the connection comes online and is stable.
 
The minute I add any of the following, the connection drops off with Phase 2 errors: 10.20.0.0 to 10.1.200.0 10.20.1.0 to 10.1.1.0
 
I can add a second 10.20.0.0 to 192.168.10.0 with no problem at all. The issue only seems to occur when attempting to add traffic from 10 to 10 on the tunnel.

View 2 Replies View Related

Cisco VPN :: ASA 5580 Random (Phase 2 Rekey Collision)

Feb 25, 2013

Configuration is simple, from one side ASA 5580 with soft asa844-5-smp-k8.bin, from another side: ASA 5520 with asa845-k8.bin. Between them is builded IPsec LAN-to-LAN.Usually it works fine, but:    In random time I can get  error in logs something like that on ASA 5520:   %ASA-5-713904: Group = x.x.x.200, IP = x.x.x.200, Phase 2 rekey collision, found centry 0x6cec9d28 or on ASA 5580:   %ASA-5-713904: Group = x.x.x.234, IP = x.x.x.234, Phase 2 rekey collision, found centry 0x00007ffe782dfa60 The main problem that if this error is occured on 5520 - all continues to work (only this message is appear in log).
 
If this problem occured on 5580 - tunnel stopped his work. One thing that works - it is drop crypto SA (clear crypto ikev1 sa x.x.x.234), after that tunnel reinitialized and all starts work again. As far as I know, this problem was on 5520 to version 8.4.2 and was solved in 8.4.3. But, as you see, in version for 5580 (-smp) this bug is still present in newer versions.

View 2 Replies View Related

Cisco VPN :: 7600 - Cannot Successfully Negotiate ISAKMP Phase 1

Apr 22, 2012

I am trying to set up a site to site VPN tunnel using GRE over IPSEC. Below is the configuration from both routers and debug output. I'm scratching my head on this one. I'm using two Cisco 7600 routers with  SSC-400 SPA modules and 720 Supervisors. The IOS on R1 is 12.2 SXI2 and R2 has 12.2 SXI3.

View 1 Replies View Related

Cisco VPN :: 831 - Phase 1 And 2 Complete But Limited Network Access

Aug 5, 2012

I am configuring VPN on an 831 rotuer using a dynamic-map configuration. I can connect to the network and I can see phase 1 and 2 complete from the debugs however from what I can tell I can only ping across the VPN. I can't connect to and web services or RDP to any hosts on the local network. Here is a copy of my config.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers

[code]....

View 6 Replies View Related

Cisco Switching/Routing :: ASR 1001 - IKE Phase 2 SA Expires Immediately

Dec 11, 2012

I am migration an IPsec site to site VPN config to a new ASR1001 router «facing» a Linux box (ipsec-tools + racoon). As the Debian Linux does not offer VTI, I am using a crypto map.
 
The working config is given below with the corresponding logs on the Linux side.
 
When I try to apply this previously working config to the ASR1001, I get the following error :
 
000855: *Dec 12 18:28:21.859 UTC: %ACE-3-TRANSERR: IOSXE-ESP(14): IKEA trans 0x1350; opcode 0x60; param 0x2EE; error 0x5; retry cnt 0
 
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: initiate new phase 1 negotiation: 194.214.196.2[500]<=>130.120.124.8[500]
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: begin Identity Protection mode.
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: DPD
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt(code)

View 8 Replies View Related

Cisco VPN :: ASA5505 Phase 1 And 2 Are Completed But Windows Client Doesn't Work

Dec 12, 2010

i tried to configured L2TP connection on ASA5505.Phase 1 and Phase 2 are completed but Windows Client doesn't work. [code]

View 4 Replies View Related

Cisco VPN :: 3000 Network Address Is Allowed Down Tunnel / Check Phase 2 IPSEC Proposal

Nov 4, 2012

I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?

View 3 Replies View Related

Cisco Switching/Routing :: 3phase Or Single Phase Wiring For Nexus 7010 Power Supplies

Jul 26, 2010

We just purchased a Nexus 7010 switch and we are at a stand still with our COLO trying to figure out what power source should be provided.  APC recommends a 50amp 3phase vertical cabinet PDU (AP7867).  What type of power sourcereakers will be sufficient in handling the Nexus 7k /w (3) power supplies?  Do the COLO need to provide single phase or 3 phase power recepticals?

View 7 Replies View Related

Cisco :: (Duplicate TCP SYN From Inside)

Nov 8, 2011

I'm seeing a TON of traffic in my ASA logs (via ASDM) indicating the following:"Duplicate TCP SYN from inside: (valid internal address of one of our laptops)/50164 to inside: (address on our other subnet, still trying to trace it)/9100 with different initial sequence number"This looks like an attack to me, likely someone's downloaded something they shouldn't have and got an infected laptop. Why it's trying to "call home" to something inside our network is what puzzles me, though.Is there any VALID reason I would see these sort of messages in my log?

View 3 Replies View Related

Cisco :: LMS 4.2 Duplicate Events With Different Component Name

Apr 16, 2012

We have LMS 4.2 installed and added devices;Now if for example a device is not reachable we get two messages with same failure ;only the component name is different  

-     one event with "dns" in component name
-     one with "dns(ip)"  in component name
 dns == hostname

View 4 Replies View Related

Duplicate Name Exists Even After Changing Name

Aug 29, 2012

Everyday a few of the computer will error with "A duplicate name exists on the network:" A quick Google search shows the same answer EVERYWHERE on the internet. So I changed the names of a few of the computers too something I knew was unique. Still though the problem persists/ it afters the two XP bases computers the most, but my main workstations (windows 7 sp1) has had this error a few times, although it appears to have left for a while. I have a feenas server but Active directory is not turned on.My router is a e4200. I was using DHCP server on there (and would very much still like to) although I have turning it off, rebooted both the router and the computers but to no avail.

View 19 Replies View Related

Warning - Got Duplicate TCP Line

Feb 20, 2011

I'm running web server on Linux Redhat when i run

# /etc/init.d/tomcat status

I got a number of lines:

warning, got duplicate tcp line
warning, got duplicate tcp line
warning, got duplicate tcp line
warning, got duplicate tcp line

Tomcat running in normal mode Also , I can see that Tomcat unstability makes some strange behaviour in the system overall.

View 3 Replies View Related

Laptop Says Duplicate Ip Address?

Apr 29, 2012

I have tried changing adapter settings, did the ipconfig /release, renew and still no luck.

View 1 Replies View Related

Cisco WAN :: Duplicate License Error On 861 Router

Apr 3, 2011

I am installing a advance ip service licnese on cisco 861 router but it gives the following error message
 
Router#license install flash:FCZ143294BM_20110221232946625.licInstalling licenses from "flash:FCZ143294BM_20110221232946625.lic"Installing...Feature:advsecurity...Failed:% Error: Duplicate licenseInstalling...Feature:advipservices...Failed:% Error: Duplicate license0/2 licenses were successfully installed2/2 licenses were existing licenses0/2 licenses were failed to install
Router#
 
Also show ver shows the following
 
License Information for 'c860-data'    License Level: advsecurity   Type: Permanent    Next reboot license Level: advsecurity

View 1 Replies View Related

Cisco Wireless :: Different Duplicate IP Messages In 2504?

May 26, 2013

My customer is seeing these Errors coming up on one of his 2504 WLC's (ver7.3) The MAC's and IP addresses Mentioned seem to be completely fictitious as the customers IP plan is way off these subnets and the vendor lookup tool cant resolve the MAC addresses.I can confirm that there is no conflict.I've seen them appear on other 2504's across his network on seperate occasions.

View 4 Replies View Related

Cisco Firewall :: Duplicate ARP Entry With ASA 5510

Jul 17, 2012

I am having peculiar issue in my setup. I recently replaced my ASA 5505 (8.2.1) with ASA 5510 (8.4.3). Everything works fine for a while suddenly I see some of the servers will not be reachable from the LAN all the servers gateway is my switch. If I check on my Dell switch the particular server's arp entry on the connected port  is same as ASA physicall MAC. If im reverting to 5505 ASA everything goes smooth without any issue.

View 6 Replies View Related

Cisco Firewall :: Duplicate Rules On ASA5585

Oct 17, 2012

I got some issues with my CISCO ASA, the thing is that when I add a new rule on the device this rule duplicate and goes to the bottom. We already tried to delete the duplicate rule but it always show an error.
 
-Model 5585
-ASA Version: 8.2(5)
-ASDM version: 6.4(5)

View 5 Replies View Related

ARP Behavior In Case Of Duplicate IP Addresses In Same LAN

Aug 24, 2012

In case I configure duplicate IP addresses to the same VLAN(two interfaces in VLAN 1100 have IP address 192.168.2.2) I see following ARP messages rapidly(those six messages were received in less than 2ms time-frame)

View 2 Replies View Related

Cisco Wireless :: 5508 Duplicate Client IP Address

Dec 1, 2012

I am using 2 anchor controllers 5508 as DHCP server. Anchor controller A is primary and anchor controller B is secondary. From time to time, client will complain "duplicate IP address error" when they try to connect guest wireless.First question: both anchor controller should have a recorder of IP address which is assigned to each PC, right?Second question: is there any way this type of issue can be avoided?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved