Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
3
Helpful
7
Replies

issue between the asa and rv 320

Abdelrahman salah
Level 1
Level 1

‎04-16-2023 10:47 AM

hi

this issue on VPN initiated between cisco asa and cisco rv 320 router
the vpn tunnel is estableshed but this IKEV1 error appear in debud 

Apr 12 21:05:43 [IKEv1]Group = DefaultL2LGroup, IP = 177.8.169.134, Session is being torn down. Reason: crypto map policy not found
Apr 12 21:06:15 [IKEv1]Group = DefaultL2LGroup, IP = 177.8.169.134, QM FSM error (P2 struct &0xaef71010, mess id 0xd07a6c4f)!
Apr 12 21:06:15 [IKEv1]Group = DefaultL2LGroup, IP = 177.8.169.134, Removing peer from correlator table failed, no match!

7 Replies 7

Flavio Miranda
VIP
VIP

‎04-16-2023 11:10 AM

Hi

 How the output of  'show run crypto map"

Looks like?

0 Helpful

HusseinOmar7088
Level 1
Level 1
In response to Flavio Miranda

‎04-17-2023 02:37 PM

Hello Flavio iam the main owner of the case and this is the crypto map output:

FWGT-INASA1# show run crypto map
crypto map outside_map 1 match address Outside_Primary_cryptomap
crypto map outside_map 1 set peer 200.205.184.66
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 3 match address Outside_Primary_cryptomap_2
crypto map outside_map 3 set peer 200.205.184.66
crypto map outside_map 3 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map vpn-test 10 match address vpn-test
crypto map vpn-test 10 set peer 200.205.184.66
crypto map vpn-test 11 match address VPN_ACL
crypto map vpn-test 11 set peer 200.205.184.66
crypto map vpn-test 11 set ikev1 transform-set test-set
crypto map rvasa 1 match address vpn
crypto map rvasa 1 set peer 200.205.184.6 200.205.184.66
crypto map rvasa 1 set ikev1 transform-set asarv
crypto map rvasa interface Outside_Primary
crypto map asarv 1 match address vpn
crypto map asarv 1 set peer 200.205.184.66
crypto map asarv 1 set ikev1 transform-set asarv
FWGT-INASA1#

0 Helpful

MHM Cisco World
VIP
VIP

‎04-16-2023 12:46 PM

there is static and dynamic Crypto map in ASA
I need to see config of ASA

0 Helpful

MHM Cisco World
VIP
VIP

‎04-18-2023 03:50 AM

FWGT-INASA1# show run crypto map
crypto map outside_map 1 match address Outside_Primary_cryptomap
crypto map outside_map 1 set peer 200.205.184.66
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 3 match address Outside_Primary_cryptomap_2
crypto map outside_map 3 set peer 200.205.184.66
crypto map outside_map 3 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map vpn-test 10 match address vpn-test
crypto map vpn-test 10 set peer 200.205.184.66
crypto map vpn-test 11 match address VPN_ACL
crypto map vpn-test 11 set peer 200.205.184.66
crypto map vpn-test 11 set ikev1 transform-set test-set
crypto map rvasa 1 match address vpn
crypto map rvasa 1 set peer 200.205.184.6 200.205.184.66
crypto map rvasa 1 set ikev1 transform-set asarv
crypto map rvasa interface Outside_Primary
crypto map asarv 1 match address vpn
crypto map asarv 1 set peer 200.205.184.66
crypto map asarv 1 set ikev1 transform-set asarv

there are many crpyto map in one FW!! are there multi OUT interface ???

HusseinOmar7088
Level 1
Level 1
In response to MHM Cisco World

‎04-18-2023 01:48 PM

for no now but some crypto maps can be related to to same tunnel that have the issue

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to HusseinOmar7088

‎04-18-2023 01:50 PM

You can not config multi crypto map under same interface' BUT you can config multi seq of same crypto map under same interface.

HusseinOmar7088
Level 1
Level 1
In response to MHM Cisco World

‎04-18-2023 01:52 PM

can you give further details

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card