IKE security association negotiation failed.
Mode: Key Exchange Mode (Main Mode)
Filter:
<Source IP Address>
<Source IP Address Mask>
<Destination IP Address>
<Destination IP Address Mask>
<Protocol>
<Source Port>
<Destination Port>
Failure Point: Me
Failure Reason: IKE SA deleted before establishment completed
In my case, i got this event after one of the two reverse lookup zones in the DNS server failed to load. The problem was fixed by loading the missed zone.
As per Microsoft: "This audit is the primary diagnostic tool for determining IKE negotiation failures. It describes which mode (Main or Quick), which filter, where the failure occurred (Me or Peer), and gives an explanation of the failure as well as likely reasons for this failure". See MSW2KDB for information about this event.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.