Cisco Cisco ASA 5515-X Adaptive Security Appliance Technisches Handbuch
IPSEC: New inbound permit rule, SPI 0x7AD72E0D
Src addr: 10.1.1.2
Src mask: 255.255.255.255
Dst addr: 172.16.1.2
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x7AD72E0D
Use SPI: true
IPSEC: Completed inbound permit rule, SPI 0x7AD72E0D
Rule ID: 0x00007fffe13abb80
May 18 04:17:18 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 10.1.1.2, Pitcher: received
KEY_UPDATE, spi 0x7ad72e0d
May 18 04:17:18 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 10.1.1.2, Starting P2 rekey timer:
3420 seconds.
May 18 04:17:18 [IKEv1]Group = DefaultRAGroup, IP = 10.1.1.2, PHASE 2 COMPLETED (msgid=00000001)
May 18 04:17:18 [IKEv1]IKEQM_Active() Add L2TP classification rules: ip <10.1.1.2> mask
<0xFFFFFFFF> port <1701>
May 18 04:17:21 [IKEv1]Group = DefaultRAGroup, Username = test, IP = 10.1.1.2, Adding static
route for client address: 192.168.1.1
Some of the commonly seen VPN related errors on Windows client are shown in this table
Error
Code
Code
Possible Solution
691
Ensure the username and password entered was correct
789,835 Ensure pre-shared-key configured on client machine was same as on ASA
800
1. Make sure that the VPN type is set to "Layer 2 Tunneling Protocol (L2TP)"
2. Ensure pre-shared-key was configured correctly configured
2. Ensure pre-shared-key was configured correctly configured
809
Make sure UDP port 500, 4500 ( in case either client or server is behind NAT device) and ESP traffic
was not blocked
was not blocked
Related Information
●
●
●