Tuesday, October 21, 2014

Cisco ASA: "Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete."

Well, I did see this message on an ASA 5505.
 Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

So how do you fix this? Well, I'm sure there are several potential fixes for this, depending on what you have configured for the VPN. I'm assuming you are working on VPN if you are getting this message. Anyway, I happened to forget to enable ISAKMP on the outside interface, which did cause this. Sometimes you just forget some config.

crypto isakmp enable outside
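To catch this omission before the tunnel fails, the following added example (not code from the original post) scans a saved running-config for interfaces that have a crypto map bound but no ISAKMP/IKE enable statement. The config fragment, the map name VPNMAP, the peer address and the function name are constructed for illustration; the check assumes the standard `crypto map <name> interface <if>` binding syntax and also accepts the `crypto ikev1/ikev2 enable` forms used on ASA 8.4 and later.

```python
import re

# Constructed sample running-config fragment (not from the original post).
BROKEN = """\
interface Vlan2
 nameif outside
crypto map VPNMAP 10 match address VPN-ACL
crypto map VPNMAP 10 set peer 203.0.113.10
crypto map VPNMAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
"""
# Same config with the command from the post added.
FIXED = BROKEN + "crypto isakmp enable outside\n"

# Binding of a crypto map to an interface.
MAP_IF = re.compile(r"^crypto map (\S+) interface (\S+)\s*$")
# 'crypto isakmp enable' is the form in the post; 'crypto ikev1/ikev2 enable'
# replaces it on ASA 8.4+. Any of the three counts as enabled here; this
# simplified check does not match the IKE version to the map's proposals.
IKE_EN = re.compile(r"^crypto (?:isakmp|ikev1|ikev2) enable (\S+)")

def interfaces_missing_ike(config: str) -> dict:
    """Return {interface: [crypto map names]} for interfaces that have a
    crypto map bound but no ISAKMP/IKE enable statement."""
    bound, enabled = {}, set()
    for raw in config.splitlines():
        line = raw.strip()
        m = MAP_IF.match(line)
        if m:
            bound.setdefault(m.group(2), []).append(m.group(1))
            continue
        m = IKE_EN.match(line)
        if m:
            enabled.add(m.group(1))
    return {ifc: maps for ifc, maps in bound.items() if ifc not in enabled}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        missing = interfaces_missing_ike(cfg)
        for ifc, maps in missing.items():
            print(f"{label}: crypto map {maps} bound to '{ifc}' but ISAKMP "
                  f"is not enabled there; add: crypto isakmp enable {ifc}")
        if not missing:
            print(f"{label}: every crypto-map interface has ISAKMP/IKE enabled")
```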

1 comment:

  1. It's always something...a forgotten command or option, and we have to dig and figure it out. But you know, if everything worked the way it's supposed to, we would be out of a job.
