Cisco Cisco ASA 5545-X Adaptive Security Appliance - No Payload Encryption Manual Técnica
Protocol: 50
Use protocol: true
SPI: 0x7AD72E0D
Use SPI: true
IPSEC: Completed inbound permit rule, SPI 0x7AD72E0D
Rule ID: 0x00007fffe13abb80
May 18 04:17:18 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 10.1.1.2, Pitcher: received KEY_UPDATE, spi 0x7ad72e0d
May 18 04:17:18 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 10.1.1.2, Starting P2 rekey timer: 3420 seconds.
May 18 04:17:18 [IKEv1]Group = DefaultRAGroup, IP = 10.1.1.2,
PHASE 2 COMPLETED
(msgid=00000001)
May 18 04:17:18 [IKEv1]IKEQM_Active() Add L2TP classification rules: ip <10.1.1.2> mask <0xFFFFFFFF> port <1701>
May 18 04:17:21 [IKEv1]Group = DefaultRAGroup,
Username = test, IP = 10.1.1.2, Adding static route for client address: 192.168.1.1
Some of the commonly seen VPN related errors on Windows client are shown in this table
Error Code Possible Solution
691
Ensure the username and password entered was correct
789,835
Ensure pre-shared-key configured on client machine was same as on ASA
800
1. Make sure that the VPN type is set to "Layer 2 Tunneling Protocol (L2TP)"
2. Ensure pre-shared-key was configured correctly configured
809
Make sure UDP port 500, 4500 ( in case either client or server is behind NAT device) and ESP traffic was not blocked
Related Information
Cisco ASA 5500 Series Adaptive Security Appliances
Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions
Technical Support & Documentation - Cisco Systems
Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions
Technical Support & Documentation - Cisco Systems
Updated: Feb 10, 2016
Document ID: 200340