cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8768
Views
0
Helpful
2
Replies

No peer struct to get peer description

Andrew Duffield
Level 1
Level 1

Hi

I have a Cisco 881 running IOS 15.3

I have a Cisco ASA 5512 running ASA 9.1

When I configure the Cisco 881 to connect to the ASA, I get the following message:

"No peer struct to get peer description"

When I turn off and turn back on the crypto map on my Dialer 0 interface I get the following messages:

IPSEC: Expand action denied, discard or forward packet.

IPSEC: Expand action denied, notify RP

I have triple checked the ACL's and all look ok.

When I connect the ASA 5512 to a Sonicwall NSA, the tunnel comes up with no issues.

The 881 subnet is 192.168.118.0/24

The ASA subnet is 192.168.115.0/24

I have attached copies of the configs

Can someone please help me out with the config? Or is it something to do with IOS/ASA compatibility?

Thanks

Andy

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Andrew

I am just logging off but two things -

1) it would help to do some debugging on one of the devices eg. "debug crypto iskamp" and "debug crypto ipsec".

Note that may not be the exact syntax as it has been a while since i did this.

From memory  the debugs are more revealing if you run them on device being connected to ie. not the initiator of the tunnel.

2) More importantly this is a public forum and your attached configurations have public IPs and the router config is showing your key for the VPN tunnel.

Usually with public IPs just showing the first and last octet with the 2nd and 3rd obscured is enough to give us the general idea.

If you can run a debug and post back then someone may be able to point you in the right direction.

Jon

Thanks Jon,

I have set the debug commands but I only get the messages mentioned in my post unfortunately.

Thanks

Andy

Review Cisco Networking for a $25 gift card