![]() ![]() the problem I am having is with IKE Phase 2, I keep getting an IKE Phase 2 no Response on the phone and this is what Im getting in the ASA log.Ĥ|Feb 18 2010|09:05:04|113019|||||Group = test, Username = user, IP = 71.161.x.x, Session disconnected. Hello Andrew, I know this thread is a bit old, but I am in the process of trying to setup some 9630's to VPN into my Corp. If that works and you can send and recevie traffic using the same settings from the PC VPN client - then the issue could be with the phone settings themselves.ġ) ON the VPN profile, are you encrypting ALL traffic or have you enabled split-tunneling?ģ) Have you configured in the VPN Phone the NAT-T ports of 4500?Ĥ) If you have a firewall in front of the VPN concentrator, are you allowing UDP 4500 thru?ĥ) Does your cable/dsl modem support IPSEC pass-thru? I suggest for testing, that you test the VPN Phone profile on the cisco client, this will either prove or disprove any issues with the DHCP address assignment.įor testing - I would have your VPN conc assign the addresses to see if this could be the issue. The phone still has the local IP address of your subnet, but the remote VPN IP is passed on to the phones VPN virtual network adapter, just like the VPN client on a PC. After the reboot, the tunnel came back up and began to work.No it does not override, if it did it would not work locally, as the IP is not on your local subnet. As a last resort, I remotely rebooted the firewall, (I am about 1 1/2 hours from this location). I then went in and cleared all sessions that had anything to do with my tunnel and that still did not help. I still received the same error message as before. After opening a ticket with the 3rd party to have them look at their end of the tunnel, I proceeded to clear vpn ike-sa gateway and clear vpn ipsec-sa tunnel from the firewall and then used the test vpn commands to spin the tunnels back up. Failed SA: x.x.x.x-x.x.x.x cookie:xxxxxxxxxxxxxxxxxxxxxxxx. "IKE phase-1 negotiation is started as responder, main mode. At 7:48 am this morning our IKE phase one failed with the following message. ![]() The server is hosted by a 3rd party and we have VPN tunnels built to it from our locations. Earlier today we had a failure of our VPN tunnel to one of our medical application servers in the cloud. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |