05-24-2017 02:18 AM - edited 02-21-2020 09:17 PM
I have a IPsec lan-to-lan tunnel between a Cisco ASA and Cisco ASR1001.
I can see that the Phase 1 is OK:
SDN3-HUB-1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
1XX.XX.XXX.XXX 9X.XXX.XXX.XX QM_IDLE 1118 ACTIVE
IPv6 Crypto ISAKMP SA
But I have problem with Phase 2 and I am getting this massege from my debug output on ASR1001 Router:
May 24 2017 10:51:35.019: ISAKMP-ERROR: (1117):IPSec policy invalidated proposal with error 256
I have checked all my Phase 2 config on the ASA and the Router and seems to be right.
I need to know what does the IPSec policy invalidated proposal with error 256 .