Showing results for 
Search instead for 
Did you mean: 

No peer struct to get peer description

Andrew Duffield


I have a Cisco 881 running IOS 15.3

I have a Cisco ASA 5512 running ASA 9.1

When I configure the Cisco 881 to connect to the ASA, I get the following message:

"No peer struct to get peer description"

When I turn off and turn back on the crypto map on my Dialer 0 interface I get the following messages:

IPSEC: Expand action denied, discard or forward packet.

IPSEC: Expand action denied, notify RP

I have triple checked the ACL's and all look ok.

When I connect the ASA 5512 to a Sonicwall NSA, the tunnel comes up with no issues.

The 881 subnet is

The ASA subnet is

I have attached copies of the configs

Can someone please help me out with the config? Or is it something to do with IOS/ASA compatibility?



2 Replies 2

Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend


I am just logging off but two things -

1) it would help to do some debugging on one of the devices eg. "debug crypto iskamp" and "debug crypto ipsec".

Note that may not be the exact syntax as it has been a while since i did this.

From memory  the debugs are more revealing if you run them on device being connected to ie. not the initiator of the tunnel.

2) More importantly this is a public forum and your attached configurations have public IPs and the router config is showing your key for the VPN tunnel.

Usually with public IPs just showing the first and last octet with the 2nd and 3rd obscured is enough to give us the general idea.

If you can run a debug and post back then someone may be able to point you in the right direction.


Thanks Jon,

I have set the debug commands but I only get the messages mentioned in my post unfortunately.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers