• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco ASA & Client VPN - IKE Re-transmission

I have an ASA 5505 with 2 WAN interfaces: the 1st accepts and connects with the VPN client, but the 2nd doesn't. I get the following messages in the client log:

213    20:57:26.781  11/14/08  Sev=Info/4               CM/0x63100029
TCP connection established on port 10000 with server ""

214    20:57:27.265  11/14/08  Sev=Info/4               CM/0x63100024
Attempt connection with server ""

215    20:57:27.328  11/14/08  Sev=Info/6               IKE/0x6300003B
Attempting to establish a connection with

216    20:57:27.328  11/14/08  Sev=Info/4               IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to

217    20:57:31.765  11/14/08  Sev=Info/6               IPSEC/0x6370001D
TCP RST received from, src port 10000, dst port 2520

218    20:57:32.765  11/14/08  Sev=Info/4               IKE/0x63000021
Retransmitting last packet!

1 Solution
Try dropping:
sysopt connection permit-vpn, this allows you to bypass NAT and ACL rules for IPsec traffic.

Then we can start troubleshooting the IPsec or VPN settings.

"route outside 1 track 1"

You will have 2 different routes for the 2 WAN interfaces.

For testing the 2nd WAN interface, use:

route outside x.x.x.x x.x.x.x x.x.x.x(second WAN interface) 1

Please provide the config and logs from the remote device for further assistance.

