[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

tunnel interpretation help

Posted on 2012-08-13
1
Medium Priority
?
1,643 Views
Last Modified: 2012-08-16
Hello a tunnel was up and running without incident but now we get the below in logs, no config was done to the pix, any help appreciated.

Pix 515E
PIX Version 8.0(4)

2012-08-13 11:47:06	Local4.Warning	192.168.32.3	%PIX-4-400010: IDS:2000 ICMP echo reply from 142.176.xxx.xxx to 142.166.xxx.xxx on interface outside
2012-08-13 11:47:07	Local4.Warning	192.168.32.3	%PIX-4-400010: IDS:2000 ICMP echo reply from 142.176.xxx.xxx to 142.166.xxx.xxx on interface outside
2012-08-13 11:47:07	Local4.Error	192.168.32.3	%PIX-3-713902: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Removing peer from peer table failed, no match!
2012-08-13 11:47:07	Local4.Warning	192.168.32.3	%PIX-4-713903: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Error: Unable to remove PeerTblEntry
2012-08-13 11:47:08	Local4.Warning	192.168.32.3	%PIX-4-400010: IDS:2000 ICMP echo reply from 142.176.xxx.xxx to 142.166.xxx.xxx on interface outside
2012-08-13 11:47:09	Local4.Warning	192.168.32.3	%PIX-4-400010: IDS:2000 ICMP echo reply from 142.176.xxx.xxx to 142.166.xxx.xxx on interface outside
2012-08-13 11:47:14	Local4.Notice	192.168.32.3	%PIX-5-713041: IP = 142.176.xxx.xxx, IKE Initiator: New Phase 1, Intf inside, IKE Peer 142.176.xxx.xxx  local Proxy Address 192.168.32.44, remote Proxy Address 172.19.160.27,  Crypto map (outside_map)
2012-08-13 11:47:14	Local4.Warning	192.168.32.3	%PIX-4-713903: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Freeing previously allocated memory for authorization-dn-attributes
2012-08-13 11:47:14	Local4.Notice	192.168.32.3	%PIX-5-713119: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, PHASE 1 COMPLETED
2012-08-13 11:47:14	Local4.Notice	192.168.32.3	%PIX-5-713050: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Connection terminated for peer 142.176.xxx.xxx.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2012-08-13 11:47:14	Local4.Alert	192.168.32.3	%PIX-1-713900: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
2012-08-13 11:47:14	Local4.Error	192.168.32.3	%PIX-3-713231: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Internal Error, ike_lock trying to unlock bit that is not locked for type SA_LOCK_P1_SA_CREATE
2012-08-13 11:47:14	Local4.Error	192.168.32.3	%PIX-3-713232: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, SA lock refCnt = 0, bitmask = 00000000, p1_decrypt_cb = 0, qm_decrypt_cb = 0, qm_hash_cb = 0, qm_spi_ok_cb = 0, qm_dh_cb = 1, qm_secret_key_cb = 0, qm_encrypt_cb = 0
2012-08-13 11:47:14	Local4.Error	192.168.32.3	%PIX-3-713902: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Removing peer from correlator table failed, no match!
2012-08-13 11:47:14	Local4.Warning	192.168.32.3	%PIX-4-113019: Group = 142.176.xxx.xxx, Username = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Unknown
2012-08-13 11:47:16	Local4.Critical	192.168.32.3	%PIX-2-106006: Deny inbound UDP from 211.202.122.6/31066 to 142.166.xxx.xxx/50325 on interface outside
2012-08-13 11:47:17	Local4.Notice	192.168.32.3	%PIX-5-713041: IP = 142.176.xxx.xxx, IKE Initiator: New Phase 1, Intf inside, IKE Peer 142.176.xxx.xxx  local Proxy Address 192.168.32.44, remote Proxy Address 172.19.160.27,  Crypto map (outside_map)
2012-08-13 11:47:17	Local4.Warning	192.168.32.3	%PIX-4-713903: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Freeing previously allocated memory for authorization-dn-attributes
2012-08-13 11:47:17	Local4.Notice	192.168.32.3	%PIX-5-713119: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, PHASE 1 COMPLETED
2012-08-13 11:47:17	Local4.Notice	192.168.32.3	%PIX-5-713050: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Connection terminated for peer 142.176.xxx.xxx.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2012-08-13 11:47:17	Local4.Alert	192.168.32.3	%PIX-1-713900: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
2012-08-13 11:47:17	Local4.Error	192.168.32.3	%PIX-3-713231: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Internal Error, ike_lock trying to unlock bit that is not locked for type SA_LOCK_P1_SA_CREATE
2012-08-13 11:47:17	Local4.Error	192.168.32.3	%PIX-3-713232: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, SA lock refCnt = 0, bitmask = 00000000, p1_decrypt_cb = 0, qm_decrypt_cb = 0, qm_hash_cb = 0, qm_spi_ok_cb = 0, qm_dh_cb = 1, qm_secret_key_cb = 0, qm_encrypt_cb = 0
2012-08-13 11:47:17	Local4.Error	192.168.32.3	%PIX-3-713902: Group = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Removing peer from correlator table failed, no match!
2012-08-13 11:47:17	Local4.Warning	192.168.32.3	%PIX-4-113019: Group = 142.176.xxx.xxx, Username = 142.176.xxx.xxx, IP = 142.176.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Unknown

Open in new window

0
Comment
Question by:davesnb
1 Comment
 
LVL 7

Accepted Solution

by:
southpau1 earned 1500 total points
ID: 38288075
Looks like the IKE configuration is not the same on both sides.  Check out this article, and see the sample configurations for a basic idea

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question