
Welcome to ISAserver.org


Site-to-site VPN IPSec error: IKE SA deleted by peer before establishment completed

Site-to-site VPN IPSec error: IKE SA deleted by peer be... - 14.Oct.2009 3:35:54 PM   
lrimouro

 

Hi,
My peer is an ISA 2006 and the remote peer is a CISCO SAS.
The IPSec tunnel is open, and from behind the SAS it is possible to reach my internal network, but from behind the ISA I can't reach the remote network. When I try to ping a host in the remote network, a Security Fail event is logged.

The analyst at the CISCO side told me that the problem is mine. He explained that he did not find any occurrence of my connection attempt in the Cisco log/trace.
I am on the ISA side and I have no interaction with the CISCO settings.

Event Error Description:
IKE security association negotiation failed.
Mode:
Data Protection Mode (Quick Mode)

Filter:
Source IP Address 201.82.106.156
Source IP Address Mask 255.255.255.255
Destination IP Address 10.16.0.0
Destination IP Address Mask 255.255.0.0
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 201.82.106.156
IKE Peer Addr 189.42.139.200
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

Peer Identity:
Preshared key ID.
Peer IP Address: 189.42.139.200

Failure Point:
Me

Failure Reason:
IKE SA deleted by peer before establishment completed

Extra Status:
Processed third (ID) payload
Initiator. Delta Time 1
0x0 0x0
Post #: 1
RE: Site-to-site VPN IPSec error: IKE SA deleted by pee... - 16.Oct.2009 6:08:53 PM   
inderjeet

 

Check if this helps
http://www.isaserver.org/tutorials/Implementing-IPSEC-Site-to-Site-VPN-between-ISA-Server-2006-Beta-Cisco-PIX-501.html

What is the method of negotiation, is it certificates or pre-shared keys?

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to lrimouro)
Post #: 2
RE: Site-to-site VPN IPSec error: IKE SA deleted by pee... - 17.Oct.2009 5:47:09 AM   
lrimouro

 

My problem is fixed!
On the CISCO side the Remote Network parameter was set to 192.168.99.0/24, and we added my gateway IP, like this: 192.168.99.0/24 201.82.106.156/32.

I guess, after compiling many articles and VPN manuals, that by including my peer IP address in the CISCO Remote Network parameters I provided the missing information that was generating the IKE negotiation failure.

(in reply to inderjeet)
Post #: 3
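
Added example, not part of the thread or of any poster's configuration: a check that reads the Filter fields from the event in post 1 and tests whether the source selector the ISA side proposed in Quick Mode falls inside the Remote Network list given in post 3. The function names are hypothetical, and treating the peer's decision as simple subnet containment is an assumption based on the fix the poster describes.

```python
import ipaddress
import re

# Filter section copied from the event in post 1 of this thread.
EVENT_TEXT = """\
Filter:
Source IP Address 201.82.106.156
Source IP Address Mask 255.255.255.255
Destination IP Address 10.16.0.0
Destination IP Address Mask 255.255.0.0
IKE Local Addr 201.82.106.156
IKE Peer Addr 189.42.139.200
"""

def parse_selectors(event_text):
    """Return (source, destination) networks from the event's Filter fields."""
    fields = {}
    for line in event_text.splitlines():
        m = re.match(r"(Source|Destination) IP Address( Mask)? (\S+)$", line.strip())
        if m:
            # Key is (side, is_mask) so address and mask lines stay separate.
            fields[(m.group(1), bool(m.group(2)))] = m.group(3)
    nets = []
    for side in ("Source", "Destination"):
        try:
            addr, mask = fields[(side, False)], fields[(side, True)]
        except KeyError:
            raise ValueError(f"event has no {side} address/mask pair")
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return tuple(nets)

def source_covered(event_text, peer_remote_networks):
    """True if the proposed source selector lies inside a network the peer expects."""
    source, _ = parse_selectors(event_text)
    expected = [ipaddress.ip_network(n) for n in peer_remote_networks]
    return any(source.subnet_of(n) for n in expected)

if __name__ == "__main__":
    before = ["192.168.99.0/24"]                       # peer setting before the fix (post 3)
    after = ["192.168.99.0/24", "201.82.106.156/32"]   # peer setting after the fix (post 3)
    print("before fix:", source_covered(EVENT_TEXT, before))
    print("after fix: ", source_covered(EVENT_TEXT, after))
```

Running the same check against the Filter block of any failed Quick Mode event shows which selector pair to hand to the administrator of the remote peer when you cannot see their configuration.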
