My customer says that the VPN to a certain customer of theirs is down on the ASA. Nothing change on our side. So the obvious answer is that something changed on their side. So I get him to run a constant ping to the remote side network where he is trying to get to. But, I see the below message when doing a "show cryp isa"
6 IKE Peer: 4.2.26.166
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
I also see this in the logs:
Nov 09 11:02:44 [IKEv1]: IP = 4.2.26.166, Removing peer from peer table failed, no match!
Nov 09 11:02:44 [IKEv1]: IP = 4.2.26.166, Error: Unable to remove PeerTblEntry
As it turns out, their Internet connection is down. When it came back up, so did the VPN.
This is the White Rhino Security blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Your comment will be reviewed for approval. Thank you for submitting your comments.