
Decapsulated inner packet doesn't match... but it looks ok?

Turkey Twizzler
Level 1

Hello,

I have a site-to-site VPN between a Cisco ASA and a non-Cisco device. The 'sites' are sensors, which only have a couple of IPs, so they're on /29 networks. I needed to add more sites, so I copied the original VPN settings using the ASDM.

 

The sites are in several 192.168.205.xxx /29 (255.255.255.248) ranges, which map to 192.168.105.xx /29 interfaces on the ASA.

 

However, other than the original site, I'm seeing the following error:

 

The decapsulated inner packet doesn't match the negotiated policy in the SA.
The packet specifies its destination as 255.255.255.255, its source as 192.168.205.37, and its protocol as udp.
The SA specifies its local proxy as 192.168.105.32/255.255.255.248/ip/0 and its remote_proxy as 192.168.205.32/255.255.255.248/ip/0.

From what I can work out from the error:

I am sending a packet from my laptop at address 192.168.205.37 to somewhere else (broadcast in this case, have also seen other addresses I ping, such as 8.8.8.8). This is correct.

 

The local address is 192.168.105.32/29 This is correct.

The remote site address is 192.168.205.32/29  This is also correct.

 

What am I missing? There are a couple of things I don't understand:

"The SA specifies" - where is the SA config defined on the SA?

"....the local proxy..." maybe I misunderstand what is meant by the proxies?

 

Thank you for any advice.

 

I haven't uploaded any configs as they're absolutely huge.  If I need to show anything, let me know the relevant bits...

 

Thanks!
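
The comparison the error message reports, as an added example that is not part of the original post: it parses the message quoted above and tests the inner packet against the SA's proxy identities (traffic selectors). It assumes an inbound decapsulated packet must have its source inside remote_proxy and its destination inside local_proxy, and that `ip` in a selector means any protocol; the function and pattern names are illustrative.

```python
import ipaddress
import re

# Log text copied from the post above (line breaks joined with spaces).
MESSAGE = (
    "The decapsulated inner packet doesn't match the negotiated policy in the SA. "
    "The packet specifies its destination as 255.255.255.255, its source as "
    "192.168.205.37, and its protocol as udp. The SA specifies its local proxy as "
    "192.168.105.32/255.255.255.248/ip/0 and its remote_proxy as "
    "192.168.205.32/255.255.255.248/ip/0."
)

PACKET_RE = re.compile(
    r"destination as (?P<dst>[\d.]+), its source as (?P<src>[\d.]+), "
    r"and its protocol as (?P<proto>\w+)"
)
PROXY_RE = re.compile(
    r"local proxy as (?P<local>[\d.]+/[\d.]+)/(?P<lproto>\w+)/\d+ "
    r"and its remote_proxy as (?P<remote>[\d.]+/[\d.]+)/(?P<rproto>\w+)/\d+"
)


def check_inner_packet(message):
    """Test the inner packet in one log message against the SA's selectors."""
    pkt, sa = PACKET_RE.search(message), PROXY_RE.search(message)
    if not pkt or not sa:
        raise ValueError("message is not in the expected format")
    local = ipaddress.ip_network(sa["local"])    # address/netmask form
    remote = ipaddress.ip_network(sa["remote"])
    result = {
        # Assumption: inbound traffic, so source is checked against the
        # remote proxy and destination against the local proxy.
        "source_in_remote_proxy": ipaddress.ip_address(pkt["src"]) in remote,
        "destination_in_local_proxy": ipaddress.ip_address(pkt["dst"]) in local,
        # Assumption: "ip" as the selector protocol matches any protocol.
        "protocol_allowed": all(
            p in ("ip", pkt["proto"]) for p in (sa["lproto"], sa["rproto"])
        ),
    }
    result["matches"] = all(result.values())
    return result


if __name__ == "__main__":
    for field, ok in check_inner_packet(MESSAGE).items():
        print(f"{field}: {ok}")
```

For the message in the post, only the destination test fails: 255.255.255.255 is outside 192.168.105.32/29.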
