
One of the peers cannot establish the tunnel with ASA 5510


Core issue

These could be among the reasons for this behavior:

  • An incorrect peer IP address defined in the crypto-map.

  • The same crypto access-list might be bound to both crypto-map entries on the Adaptive Security Appliance (ASA). As a result, the second crypto-map entry is never hit, because traffic meant for the second peer matches the crypto access-list bound to the first crypto-map entry.


To resolve this issue, verify that:

  • The peer IP is correct.

  • The access-lists bound to the separate crypto-map entries are different, so that the relevant access-list is hit, as shown:

access-list vpn1 permit ip
access-list vpn2 permit ip
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map IPsec_map 10 match address vpn1
crypto map IPsec_map 10 set peer
crypto map IPsec_map 10 set transform-set myset
crypto map IPsec_map 11 match address vpn2
crypto map IPsec_map 11 set peer
crypto map IPsec_map 11 set transform-set myset
crypto map IPsec_map interface outside

At this point, you should be able to pass traffic.
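
An added example (not part of the original article and not Cisco tooling): a Python check that reads a saved configuration and reports crypto-map entries that share an access-list or have no peer set. It goes one step beyond the two causes listed above by also flagging different access-lists whose permit lines overlap. The sample configuration and its addresses are constructed, and only access-list lines in network/mask form are parsed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (documentation/private addresses), not taken from the page.
# It reproduces the fault: entries 10 and 11 are both bound to ACL vpn1.
SAMPLE_BAD = """\
access-list vpn1 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list vpn2 extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
crypto map IPsec_map 10 match address vpn1
crypto map IPsec_map 10 set peer 192.0.2.1
crypto map IPsec_map 11 match address vpn1
crypto map IPsec_map 11 set peer 198.51.100.1
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("11 match address vpn1", "11 match address vpn2")

# Only the "network mask network mask" ACL form is parsed (no "any"/"host").
ACL_RE = re.compile(r"access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
MAP_RE = re.compile(r"crypto map (\S+) (\d+) (match address|set peer) (\S+)$")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return sorted findings: (kind, map_name, seq) or (kind, map_name, seq_a, seq_b)."""
    acls = defaultdict(list)     # ACL name -> [(source net, destination net)]
    entries = defaultdict(dict)  # (map name, seq) -> {"match address": .., "set peer": ..}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls[m[1]].append((net(m[2], m[3]), net(m[4], m[5])))
        elif m := MAP_RE.match(line):
            entries[(m[1], int(m[2]))][m[3]] = m[4]
    findings = []
    ordered = sorted(entries.items())
    for i, ((name, seq), ent) in enumerate(ordered):
        if "set peer" not in ent:
            findings.append(("no-peer", name, seq))
        for (name2, seq2), later in ordered[i + 1:]:
            if name2 != name:
                continue
            a, b = ent.get("match address"), later.get("match address")
            if a is not None and a == b:
                # Lower sequence number is evaluated first, so the later entry is never hit.
                findings.append(("same-acl", name, seq, seq2))
            elif any(s1.overlaps(s2) and d1.overlaps(d2)
                     for s1, d1 in acls.get(a, []) for s2, d2 in acls.get(b, [])):
                findings.append(("acl-overlap", name, seq, seq2))
    return sorted(findings)
```

Calling `audit(SAMPLE_BAD)` reports the shared access-list on entries 10 and 11; `audit(SAMPLE_GOOD)` returns an empty list.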

VPN Tunnel End Points

Any end point

VPN Protocols


VPN Tunnel Initialization

IPSec session is not established
