05-10-2016 02:58 PM - edited 02-21-2020 08:48 PM
We have a VPN tunnel established from our on-premises ASA to AWS Cloud. We have also configured the AD Connector, but we get this error when we try to ping from AWS or run the directory service port test to the public IP on our ASA. The error in the ASA log is below. The domain controller is inside of our ASA, not on AWS. I've substituted the IP addresses with descriptions. Any suggestions or help would be appreciated.
4 | May 10 2016 | 17:36:44 | 402116 | <AWS Public IP> | <ASA Public IP> | IPSEC: Received an ESP packet (SPI= 0x05652837, sequence number= 0x346) from <AWS Public IP> (user= AWS Public IP) to <ASA Public IP>. The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as <domain controller IP>, its source as <AWS Internal IP>, and its protocol as udp. The SA specifies its local proxy as <Our internal subnet/subnet mask>/ip/0 and its remote_proxy as <AWS Internal Subnet/Subnet Mask>/ip/0. |
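As an added example (not part of the original post), a small Python helper that parses a 402116 message of the shape shown above and reports which side of the decapsulated inner packet falls outside the SA's proxy identities; the addresses in the sample are constructed placeholders standing in for the ones the poster substituted, so the mismatch it finds is illustrative only.

```python
import ipaddress
import re

# Constructed sample of the ASA 402116 message from the post, with the
# placeholders replaced by made-up documentation / RFC 1918 addresses.
SAMPLE_402116 = (
    "4 | May 10 2016 | 17:36:44 | 402116 | 203.0.113.10 | 198.51.100.20 | "
    "IPSEC: Received an ESP packet (SPI= 0x05652837, sequence number= 0x346) "
    "from 203.0.113.10 (user= 203.0.113.10) to 198.51.100.20. The decapsulated "
    "inner packet doesn't match the negotiated policy in the SA. The packet "
    "specifies its destination as 10.10.5.25, its source as 172.31.8.14, and "
    "its protocol as udp. The SA specifies its local proxy as "
    "10.10.0.0/255.255.255.0/ip/0 and its remote_proxy as "
    "172.31.0.0/255.255.0.0/ip/0. |"
)

_PKT = re.compile(
    r"destination as ([\d.]+), its source as ([\d.]+), and its protocol as (\w+)"
)
_SA = re.compile(
    r"local proxy as ([\d.]+)/([\d.]+)/\S+ and its remote_proxy as ([\d.]+)/([\d.]+)/"
)


def parse_402116(line):
    """Extract inner-packet addresses and SA proxy identities from one message.

    Returns None when the line is not a 402116 message of the expected shape.
    The trailing /ip/0 (protocol/port) part of each proxy ID is not checked here.
    """
    pkt, sa = _PKT.search(line), _SA.search(line)
    if not pkt or not sa:
        return None
    dst, src, proto = pkt.groups()
    l_net, l_mask, r_net, r_mask = sa.groups()
    return {
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "proto": proto,
        # ipaddress accepts dotted netmasks, as the ASA prints them.
        "local_proxy": ipaddress.ip_network(f"{l_net}/{l_mask}", strict=False),
        "remote_proxy": ipaddress.ip_network(f"{r_net}/{r_mask}", strict=False),
    }


def explain_mismatch(line):
    """List which inner-packet address(es) lie outside the SA's proxy IDs."""
    info = parse_402116(line)
    if info is None:
        return None
    problems = []
    if info["src"] not in info["remote_proxy"]:
        problems.append(f"source {info['src']} not in remote_proxy {info['remote_proxy']}")
    if info["dst"] not in info["local_proxy"]:
        problems.append(f"destination {info['dst']} not in local_proxy {info['local_proxy']}")
    return problems
```

With the constructed addresses, the destination (the domain controller) sits outside the declared local proxy subnet, which is exactly the kind of crypto-map / interesting-traffic mismatch this syslog ID points at; with the real addresses, the same check shows which side of the tunnel definition needs widening.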