Hi everyone-
I'm configuring multiple sites on an ASA 5520 (8.0.3-k19) using EasyVPN with PIX501 (6.3.5) on the remote end.
PIX firewalls are not staying connected, and one site is showing this (output of 'sh isakmp sa')
Aug 22 2008 09:16:23: %ASA-5-713201: Group = shilohrec, IP = 127.0.0.1, Duplicate Phase 1 packet detected. Retransmitting last packet.
Aug 22 2008 09:16:23: %ASA-6-713905: Group = shilohrec, IP = 127.0.0.1, P1 Retransmit msg dispatched to AM FSM
Aug 22 2008 09:49:09 713905 Group = shilohrec, IP = 127.0.0.1, No valid authentication type found for the tunnel group
How in the WORLD is it possible that the remote PIX is getting TO my ASA with a remote peer address of 127.0.0.1 ???
Note- the remote PIX is configured with "ip address outside dhcp setroute" and gets 127.0.0.1 as its answer sometimes.
Rebooting both that and the cable modem solves the issue, temporarily, and the PIX gets a public and we connect.
For a while.
Have replaced cable modem, ethernet cable, and PIX, plus rewritten config on PIX.
I'd assume a hardware problem, but I've replaced it all?
Further notes:
All sites are on Charter cable, dynamic DHCP addressing (no static addresses on remote end)
Some sites work fine, a couple are having disconnect and 127.0.0.1 issues.
Charter does not see the PIX with the 127.0.0.1, though they can see their cable modem.
I've replaced the PIX in question, rebuilt code from the ground up on the remote end.
Sites are using independent vpngroup configs, not one common group/pass, user/pass for all sites.
Configs upon request, as the ASA config is -- very -- large.