ASA CTM ipsec poll ctl DU_IOCTL_RESUME_POLL ioctl failed error
When deploying a site-to-site IKEv1 IPSec VPN on a Cisco ASA using certain version 9.1.x software, you may receive the following error:
ASA1(config)# crypto ikev1 enable OUTSIDE ERROR: CTM ipsec poll ctl DU_IOCTL_RESUME_POLL ioctl failed.
This seems to be a bug that has to do with certain 9.1.x versions. This behavior has been experienced usually after an ASA software upgrade to one of these versions, but according to some, the problem does not disappear after the software is downgraded to a previously working version. Others have had to open TAC cases to resolve it.
There doesn’t seem to be any published solution to the issue beyond approaching TAC.
Links
https://networklessons.com/cisco/asa-firewall/cisco-asa-site-site-ikev1-ipsec-vpn
https://forum.networklessons.com/t/cisco-asa-site-to-site-ikev1-ipsec-vpn/825/94?u=lagapides