I have an interesting issue when using ipsec between an ASA 5505 and a PIX 501. The tunnel comes up fine and works well so far. When using debug for isakmp/ipsec on the 501, I get the following output:
ISAKMP (0): processing NOTIFY payload 36136 protocol 1 spi 0, message ID = 2076513142 ISAMKP (0): received DPD_R_U_THERE from peer VPN_PEER_ASA ISAKMP (0): sending NOTIFY message 36137 protocol 1 return status is IKMP_NO_ERR_NO_TRANS
On the ASA, everything looks fine, the DPD_R_U_THERE_ACK is processed well. Can one of you help me on that "IKMP_NO_ERR_NO_TRANS" return status? There are multiple 501´s connceted to that ASA, just this single one throws this status. All the 501´s are running 6.3(5), the ASA runs 8.0(2)
I was looking for the possibility to check if the IKE SA is using DPD or regular keepalive messages. Unfortunately, "show crypto isakmp sa detail" does not show any of those flags at all, not on the ASA nor on the 501. I remember that this command was showing that info on PIX 515?
Thanks alot for your help!