Well, I did see this message on a ASA 5505.
Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
So how do you fix this? Well, Im sure there are several potential fixes for this, depending on what you have configured for the VPN. Im assuming you are working on VPN if you are getting this message. Anyway, I happened to forget to enable ISAKMP on the outside interface, which did cause this. Sometimes you just forget some config.
crypto isakmp enable outside
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Tuesday, October 21, 2014
Cisco ASA: "Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete."
Subscribe to: Post Comments (Atom)
It's always something...a forgotten command or option, and we have to dig and figure it out. But you know, if everything worked the way it's supposed to, we would be out of a job.ReplyDelete