Multiple proxy id problem



  • Hello  i have configured ssg140 with cisco asa.  Svpn based on policy based vpn routing. on my autokey ike is 7 different subnets but every 5 minutes i loog in my log file and i see 
    Phase 2: Initiated negotiations.
    Added Phase 2 session tasks to the task list.
    Phase 1: Responder starts MAIN mode negotiations.
    Phase 2 msg ID 09f2d1a3: Completed negotiations with SPI f321a4b4, tunnel ID 317, and lifetime 3600 seconds/4194303 KB.
    phase 2:The symmetric crypto key has been generated successfully.
    Phase 2 msg ID 09f2d1a3: Responded to the peer’s first message.
    Phase 2 msg ID 399e5959: Completed negotiations with SPI f321a4b3, tunnel ID 256, and lifetime 3600 seconds/4194303 KB.
    phase 2:The symmetric crypto key has been generated successfully.
    Received initial contact notification and removed Phase 1 SAs.
    Received initial contact notification and removed Phase 2 SAs.
    Received a notification message for DOI 1 24578 INITIAL-CONTACT.
    Phase 2 msg ID 399e5959: Responded to the peer’s first message.
    Phase 1: Completed Main mode negotiations with a 86400-second lifetime.
    phase 1:The symmetric crypto key has been generated successfully.
    Phase 2 msg ID d0a153d3: Completed negotiations with SPI f321a4b2, tunnel ID 317, and lifetime 3600 seconds/4194303 KB.
    phase 2:The symmetric crypto key has been generated successfully.
    Phase 2 msg ID d0a153d3: Responded to the peer’s first message.
    Phase 1: Retransmission limit has been reached.
    Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.
    Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.
    Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.
    Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.
    Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.
    Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.

    when i delete any subnets from proxy id  it works perfect when i add next subnet it  doesn;t works 😕
    when i create next autokey ike  i can add news proxy id on existing tunel    but two or more autokey ike doesnt’t works on one gateway

    anyone know its is a problem with cisco asa ?


 

46
Online

38.4k
Users

12.7k
Topics

44.5k
Posts