10-17-2008 06:04 AM - edited 03-09-2019 09:41 PM
I have configured several tunnels on an ASA 5510. But I am trying unsuccessfully to configure another one.
This particular tunnel is completing Phase 1 successfully, but then I get the error
"No SPI to identify Phase 2 SA".
I have scoured the internet and the responses I have seen say to check to make sure both ends have the same subnet and to make sure that PFS matches on both ends.
I have gone over and over the configs and cannot find any problems.
Anyone have any ideas?
10-17-2008 08:19 AM
Hi,
Can you post configs from both sides for us?
Also try disabling PFS from both sides and let the VPN tunnel come up with basic settings . You can add PFS later once tunnel is up.
Also post complete debugs from both sides .
HTH
Saju
Pls rate helpful posts
10-17-2008 09:04 AM
I solved the problem. It was an ACL problem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide