cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
992
Views
0
Helpful
2
Replies

Site to Site VPN getspi error

apptionadmin
Level 1
Level 1

Hi,

My site to site VPN is failing with these error message.

Using IPsec SA configuration: 172.28.0.0/16<->192.168.100.0/28

[IKE] INFO:  Configuration found for 209.87.231.245.

[IKE] INFO:  Configuration found for 209.87.231.245.

[IKE] INFO:  Initiating new phase 2 negotiation: 209.183.24.116[0]<=>209.87.231.245[0]

[IKE] ERROR:  encryption 7 failed.

[IKE] ERROR:  failed to start post getspi.

[IKE] INFO:  an undead schedule has been deleted: 'quick_i1prep'

Looks like something is hung at the ASA side, is there a way to clear the tunnel or the problem bigger then I think...

Thank you for your help.

2 Replies 2

ivykaixin
Level 1
Level 1

Hi

please check the configration about the ipsec phase 2 transformset .

I think there is some miss about the configtration .

Would you share your configration of the ASA?

Hi,

I rebooted both Firewall this morning and site to site is up and working.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: