Hello,
We have a VPN running between 2 sites with a Cisco ASA 5510 at the main office and a NetVanta 1224R at the remote site. The internet service recently went down at the remote site and has been restored. However, since service was restored, the VPN will not come up and the NetVanta repeats these errors on the console:
2012.06.29 10:50:29 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess : Invalid Protocol Id
2012.06.29 10:50:29 CRYPTO_IKE.NEGOTIATION IkeHandleInfoXChg : InNotifyProcess failed
2012.06.29 10:50:29 CRYPTO_IKE.NEGOTIATION peer XX.XXX.XXX.XX: IkeHandleInfoXChg fail (I've masked the IP for privacy reasons)
Reboots have not resolved the errors
Does anyone know how to clear these and get the VPN up again?
Thanks,
Kris
Hi Levi,
I was able to resolve this. It turned out the transform sets didn't match on the ASA and ADTRAN. I modfied the transform set on the ASA to match the ADTRAN and the VPN was working again.
Thank you for asking this question in the support community. When you get a chance, will you please attach a copy of the ADTRAN's configuration, as well as the debug output from the debug crypto ike command? (please remove any sensitive information to your organization)
Also, for your reference here is a configuration and troubleshooting guide: Configuring a VPN using Main Mode in AOS
Levi
Hi Levi,
I was able to resolve this. It turned out the transform sets didn't match on the ASA and ADTRAN. I modfied the transform set on the ASA to match the ADTRAN and the VPN was working again.
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi