Cisco ASA 5505 Adaptive Security Appliance Technical Manual

IPSEC: New inbound permit rule, SPI 0x7AD72E0D
   Src addr: 10.1.1.2
   Src mask: 255.255.255.255
   Dst addr: 172.16.1.2
   Dst mask: 255.255.255.255
   Src ports
     Upper: 0
     Lower: 0
     Op   : ignore
   Dst ports
     Upper: 0
     Lower: 0
     Op   : ignore
   Protocol: 50
   Use protocol: true
   SPI: 0x7AD72E0D
   Use SPI: true
IPSEC: Completed inbound permit rule, SPI 0x7AD72E0D
   Rule ID: 0x00007fffe13abb80
May 18 04:17:18 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 10.1.1.2, Pitcher: received KEY_UPDATE, spi 0x7ad72e0d
May 18 04:17:18 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 10.1.1.2, Starting P2 rekey timer: 3420 seconds.
May 18 04:17:18 [IKEv1]Group = DefaultRAGroup, IP = 10.1.1.2, PHASE 2 COMPLETED (msgid=00000001)
May 18 04:17:18 [IKEv1]IKEQM_Active() Add L2TP classification rules: ip <10.1.1.2> mask <0xFFFFFFFF> port <1701>
May 18 04:17:21 [IKEv1]Group = DefaultRAGroup, Username = test, IP = 10.1.1.2, Adding static route for client address: 192.168.1.1

Some commonly seen VPN-related errors on the Windows client are shown in this table:

Error Code   Possible Solution
----------   -----------------
691          Ensure that the username and password entered are correct.
789, 835     Ensure that the pre-shared key configured on the client machine is the same as on the ASA.
800          1. Make sure that the VPN type is set to "Layer 2 Tunneling Protocol (L2TP)".
             2. Ensure that the pre-shared key is configured correctly.
809          Make sure that UDP ports 500 and 4500 (in case either the client or the server is behind a NAT device) and ESP traffic are not blocked.

Related Information