This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASL 7.101 and Cisco

Hi all

I had a Site to Site IPSec tunnel between ASL 7.101 and a Cisco ASA 5510. After some mucking around the two started talking and the tunnel worked.

Settings at both ends are using AES-256 and SHA for IKE/IPSec, Group 5 for IKE, and no PFS or compression.

Looking at the logs, I'm seeing what looks like an error and the tunnel keeps being recreated every few minutes. The tunnel between the two sites works fine, so maybe it means nothing.

Can anyone explain what the following means:

2008:01:16-19:54:11 (none) pluto[6359]: "S_REF_toKjoQZhML_0" #700: IPsec SA established {ESP=>0xd82016af

At this point the tunnel is recreated. Is this normal logging? The Lifetime for both sites is set to the default Cisco setting of 86400, so I wouldn't have thought it would keep doing this every few minutes.

Matt

This thread was automatically locked due to age.

0 BarryG over 17 years ago

Not that often for me, and I don't have any of the retransmission messages.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 NimmdirKeks over 17 years ago

Make a debug crypto isakmp and debug cryto ipsec on the pix (ah sorry, asa now).

No_Proposal_Chosen normaly signs, that the pix can't find an according isakmp policy.
Cancel
Vote Up 0 Vote Down

Cancel