{"id":1971,"date":"2014-01-24T14:55:42","date_gmt":"2014-01-24T14:55:42","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=1971"},"modified":"2014-01-25T09:50:07","modified_gmt":"2014-01-25T09:50:07","slug":"troubleshooting-isakmp-phase-1-messages-part-2","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=1971","title":{"rendered":"Troubleshooting ISAKMP Phase 1 Messages &#8211; Part 2"},"content":{"rendered":"<p>This post explains the IKE Debug message: &#8220;<strong>Duplicate first packet detected<\/strong>&#8221;<\/p>\n<p>This event is logged when packets do not reach their destination, usually due to network routing problems. The Phase 1 IKE exchange between the tunnel peers fails at MM_WAIT_MSG2.<\/p>\n<p>(see: <strong><a href=\"http:\/\/darenmatthews.com\/blog\/?p=1962\">Troubleshooting ISAKMP Phase 1 Messages \u2013 Part 1<\/a><\/strong> to understand the IKE Messages further)<\/p>\n<p>1) IKE initiator sends MM_SND_MSG1 and goes into the MM_WAIT_MSG2 state<br \/>\n2) IKE responder receives MM_SND_MSG1 and sends MM_SND_MSG2 back to the initiator and goes into the MM_WAIT_MSG3 state, expecting MM_SND_MSG3 as the next exchange from the initiator<br \/>\n3) IKE initiator, not having received MM_SND_MSG2 from the responder, resends MM_SND_MSG1, resulting in &#8220;Duplicate first packet detected&#8221; being logged on the responder.<!--more--><\/p>\n<p>In the debug (from the initiator) you can see this occurring:<\/p>\n<blockquote><p>Jan 24 09:02:44 [IKEv1 DEBUG]: IP = 123.123.123.123, IKE MM Initiator FSM error history (struct &amp;0xafd4cc28)\u00a0 &lt;state&gt;, &lt;event&gt;:\u00a0 MM_DONE, EV_ERROR&#8211;&gt;MM_WAIT_MSG2, EV_RETRY&#8211;&gt;MM_WAIT_MSG2, EV_TIMEOUT&#8211;&gt;MM_WAIT_MSG2, NullEvent&#8211;&gt;MM_SND_MSG1, EV_SND_MSG&#8211;&gt;MM_SND_MSG1, EV_START_TMR&#8211;&gt;MM_SND_MSG1, EV_RESEND_MSG&#8211;&gt;MM_WAIT_MSG2, EV_RETRY<\/p><\/blockquote>\n<p>On the responder you can see that MSG1 arrived and the responder returned 
MSG2 back to the initiator &#8211; but it never arrives!\u00a0 The initiator stays at MM_WAIT_MSG3 and then re-sends MSG2.\u00a0 The IKE responder receives MM_SND_MSG1 a second time and logs &#8220;Duplicate first packet detected&#8221;.\u00a0 This process repeats three times and then the tunnel is torn down.<\/p>\n<blockquote><p>Jan 24 14:10:25 [IKEv1]IP = 123.123.123.123, IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124<br \/>\nJan 24 14:10:33 [IKEv1 DEBUG]IP = 123.123.123.123, IKE MM Responder FSM error history (struct &amp;0x00007fff377c82e0)\u00a0 &lt;state&gt;, &lt;event&gt;:\u00a0 MM_DONE, EV_ERROR&#8211;&gt;MM_WAIT_MSG3, EV_TIMEOUT&#8211;&gt;MM_WAIT_MSG3, NullEvent&#8211;&gt;MM_SND_MSG2, EV_SND_MSG&#8211;&gt;MM_SND_MSG2, EV_START_TMR&#8211;&gt;MM_SND_MSG2, EV_RESEND_MSG&#8211;&gt;MM_WAIT_MSG3, EV_TIMEOUT&#8211;&gt;MM_WAIT_MSG3, NullEvent<br \/>\nJan 24 14:10:33 [IKEv1 DEBUG]IP = 123.123.123.123, IKE SA MM:fc0b05cf terminating:\u00a0 flags 0x01000002, refcnt 0, tuncnt 0<br \/>\nJan 24 14:10:33 [IKEv1 DEBUG]IP = 123.123.123.123, sending delete\/delete with reason message<\/p><\/blockquote>\n<p>In this case the problem was the absence of a default route out of the outside interface on the Cisco ASA 5525 (the router had been defaulted and this was an omission).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post explains the IKE Debug message: &#8220;Duplicate first packet detected&#8221; This event is logged when packets do not reach their destination, usually due to network routing problems. 
The Phase 1 IKE exchange between the tunnel peers fails at MM_WAIT_MSG2 (see: Troubleshooting ISAKMP Phase 1 Messages \u2013 Part 1 to understand the IKE Messages [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[83,13],"tags":[36,69,70],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1971"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1971"}],"version-history":[{"count":6,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1971\/revisions"}],"predecessor-version":[{"id":1978,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1971\/revisions\/1978"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1971"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}