• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 344
  • Last Modified:

Cisco ASA & Client VPN - IKE Re-transmission

I have an ASA 5505 with 2 WAN interfaces - 1st accepts and connects with the VPN client but the 2nd doesn't.   I get the following messages in client log:

213    20:57:26.781  11/14/08  Sev=Info/4               CM/0x63100029
TCP connection established on port 10000 with server "64.2.113.130"

214    20:57:27.265  11/14/08  Sev=Info/4               CM/0x63100024
Attempt connection with server "64.2.113.130"

215    20:57:27.328  11/14/08  Sev=Info/6               IKE/0x6300003B
Attempting to establish a connection with 64.2.113.130.

216    20:57:27.328  11/14/08  Sev=Info/4               IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Unity)) to 64.2.113.130

217    20:57:31.765  11/14/08  Sev=Info/6               IPSEC/0x6370001D
TCP RST received from 64.2.113.130, src port 10000, dst port 2520

218    20:57:32.765  11/14/08  Sev=Info/4               IKE/0x63000021
Retransmitting last packet!

ASA-111408-config.txt
0
snchelpdesk
Asked:
snchelpdesk
1 Solution
 
ricks_vCommented:
try dropping:
sysopt connection permit-vpn , this allow you to bypass nat and acl rule for ipsec traffic.

then now we can start troubleshoot the ipsec or VPN setting.

"route outside 0.0.0.0 0.0.0.0 204.16.20.1 1 track 1"

you will have 2 different route for 2 wan interfaces

for testing the 2nd WAN interface, use:

route outside x.x.x.x  x.x.x.x. x.x.x(seecond wan interface) 1


Please provide config and logs from the remote device for further assistant..

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now