Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
2
Replies

ASA 5510 VPN Remote Access problems

danielsales
Level 1
Level 1

‎09-15-2006 10:46 AM - edited ‎02-21-2020 02:37 PM

HI,

I have configured a VPN remote access in my ASA 5510 with the following situation: The remote client connects to ASA and receive an ip. The connection authenticates perfectly but the traffic doesn't work. I saw ASA's log and got the following answer from it: 713042: IKE Initiator unable to find policy: Intf 1, Src: 192.168.1.51, Dst: 192.168.2.129. I checked it and the configurations seemed to be correct.

Could anyone help my solve this problem?

ip local pool HLG-VPN-POOL 192.168.2.129-192.168.2.190 mask 255.255.255.192

group-policy HLG-VPN internal

group-policy HLG-VPN attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value HLG-VPN_splitTunnelAcl

dns-server value 192.168.1.51 192.168.1.50

default-domain value hlg.com

tunnel-group HLG-VPN type ipsec-ra

tunnel-group HLG-VPN general-attributes

default-group-policy HLG-VPN

authentication-server-group ACS

address-pool HLG-VPN-POOL

tunnel-group HLG-VPN ipsec-attributes

pre-shared-key *

crypto dynamic-map dynmap 150 set transform-set ESP-3DES-MD5

crypto dynamic-map dynmap 150 set security-association lifetime seconds 28800 kilobytes 4608000

no crypto dynamic-map dynmap 150 set nat-t-disable

no crypto dynamic-map dynmap 150 set reverse-route

crypto map ipsec_map interface outside

Labels:
0 Helpful
2 Replies 2

aghaznavi
Level 5
Level 5

‎09-21-2006 08:28 AM

Error Message %PIX|ASA-3-713042: IKE Initiator unable to find policy: Intf

interface_number, Src: source_address, Dst: dest_address

Explanation This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself.

Explanation If the condition persists, check the L2L configuration, paying special attention to the ACLs associated with crypto maps.

check this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

0 Helpful

ipagliani
Level 1
Level 1

‎01-17-2007 04:08 AM

I had fix with 7.2(2)

0 Helpful
Customers Also Viewed These Support Documents