Re: ASA 5510 VPN Problem

mrathod · ‎06-10-2006

Hello All,

We have a ASA 5510 that is configured as a Remote Access VPN Server using Preshared keys. When a Remote VPN Client tries to connect, the phase-1 connectivity gets established but phase 2 fails. The following errors are displayed on the ASA 5510:

Received encrypted packet with no matching SA, dropping

Session disconnected. Session Type IPSec, Reason: crypto map policy not found

Removing peer from correlator table failed, no match!

QM FSM error (P2 struct &0x2f23fc8, mess id 0xf8d08701)!

Rejecting IPSec tunnel: no matching crypto map entry for remote proxy on interface outside

PHASE 1 COMPLETED

Please help

Best Regards,

Manoj Rathod

a.kiprawih · ‎06-10-2006

Hi Manoj,

Can you post the VPN configuration? The error was related to the crypto map - either does not exists or not bind to outside interface.

Your config will provide a good clue.

Rgds,

AK

mrathod · ‎06-10-2006

Hi AK,

Thanks for your reply. Please find attached the running config of ASA. Do let me know what is wrong?

Best Regards

Manoj Rathod

a.kiprawih · ‎06-15-2006

Hi Manoj,

Sorry for the late reply.

Since your VPN is meant for VPN client that should allow connection from any anywhere, try to remove the "crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20".

Rgds,

AK

mrathod · ‎06-16-2006

Hi AK,

Thanks for your advice, I shall try the same and let you know.

Best Regards

Manoj Rathod