Cisco Bug: CSCun31725 - ASA using IKEv2 rejects multiple NAT_DETECTION_SOURCE_IP payloads

Last Modified

Nov 27, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

9.1(2.8)

Description (partial)

Symptom:
Acting as the IKEv2 responder, the ASA receives an initial IKEv2 packet from the initiator that contains multiple NAT_DETECTION_SOURCE_IP payloads. The ASA rejects the connection and prints "INVALID_SYNTAX".

Conditions:
-ASA acts as IKEv2 responder.
-ASA receives multiple payloads for "NAT_DETECTION_SOURCE_IP" from the initiator.
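
RFC 7296 section 2.23 permits more than one NAT_DETECTION_SOURCE_IP payload when the sender does not know which of its network attachments will be used, so a responder is expected to collect all of them and compare each against the observed source. The following is an added example, not Cisco code: a minimal responder-side check over a constructed payload chain, where the addresses, SPIs and function names are assumptions made for illustration.

```python
import hashlib, ipaddress, struct

NOTIFY = 41                          # IKEv2 Notify payload type
NAT_DETECTION_SOURCE_IP = 16388      # notify message types from RFC 7296
NAT_DETECTION_DESTINATION_IP = 16389

def nat_hash(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296 section 2.23)."""
    return hashlib.sha1(spi_i + spi_r + ipaddress.ip_address(ip).packed
                        + struct.pack("!H", port)).digest()

def notify(ntype, data, next_payload):
    """Encode one Notify payload: generic header, protocol ID 0, SPI size 0, type, data."""
    body = struct.pack("!BBH", 0, 0, ntype) + data
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def source_hashes(first_payload, chain):
    """Walk the payload chain and collect every NAT_DETECTION_SOURCE_IP hash."""
    found, ptype, off = [], first_payload, 0
    while ptype != 0:
        if off + 4 > len(chain):
            raise ValueError("truncated payload header")
        nxt, _flags, length = struct.unpack_from("!BBH", chain, off)
        if length < 4 or off + length > len(chain):
            raise ValueError("bad payload length")
        if ptype == NOTIFY:
            if length < 8:
                raise ValueError("notify payload too short")
            _proto, spi_size, ntype = struct.unpack_from("!BBH", chain, off + 4)
            if ntype == NAT_DETECTION_SOURCE_IP:   # repeats are allowed, keep all
                found.append(chain[off + 8 + spi_size: off + length])
        ptype, off = nxt, off + length
    return found

def initiator_behind_nat(hashes, spi_i, spi_r, seen_ip, seen_port):
    """NAT is present only if none of the received hashes matches the observed source."""
    return nat_hash(spi_i, spi_r, seen_ip, seen_port) not in hashes

# Constructed sample: a multihomed initiator sends one hash per local address.
# SPIr is all zeroes in the first IKE_SA_INIT request.
SPI_I, SPI_R = bytes.fromhex("0102030405060708"), bytes(8)
CHAIN = (notify(NAT_DETECTION_SOURCE_IP, nat_hash(SPI_I, SPI_R, "192.0.2.10", 500), NOTIFY)
         + notify(NAT_DETECTION_SOURCE_IP, nat_hash(SPI_I, SPI_R, "198.51.100.7", 500), NOTIFY)
         + notify(NAT_DETECTION_DESTINATION_IP, nat_hash(SPI_I, SPI_R, "203.0.113.1", 500), 0))
```
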

Related Community Discussions

IKEv2 policy based VPN with Check Point peer
I'm in the process of setting up a new IKEv2 VPN from a Check Point device, terminating on a 1921 router running 15.4(3)M3. This VPN already has an IKEv2 VPN configured to an Azure VPN gateway, which is working without issue, but I'm having issues with the VPN from the Check Point and I'm struggling to understand why that is.  Relevant config (where I've changed the information to hide possibly sensitive information, I've added <> around the value):   crypto ikev2 keyring vpn-keyring peer <1.1.1.1> ...
Latest activity: Jul 25, 2018