I fixed that part of the

vamos_fernholz · ‎11-10-2016

Hello,

when trying to build a site to site vpn I encounter the following problem:

80.xx.xx.xx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.0.0/255.255.255.0/0/0 local proxy 192.168.2.0/255.255.255.0/0/0 on interface htp

Where 192.168.0.0 is the remote network and 192.168.2.0 is the internal network.

I do have the following in Crypto Maps:

interface: htp (my external interface)

source: 192.168.0.0

destination: 192.168.2.0

service: ip. action: protect

peer: 80.xx.xx.xx. (the external IP of the router (TL-R600VPN) being used to build up the vpn tunnel from the outside).

Connection type is bidirectional. Shouldn't that work?

Rolando Valenzuela · ‎11-10-2016

What type/version for device are you configuring? try flipping the source and destination, usually the interesting traffic is defines as INTERNAL -> EXTERNAL

Rolando A. Valenzuela.

vamos_fernholz · ‎11-22-2016

Sorry for the delay in responding. I'm trying to connect a TP-Link TL-R600VPN to an ASA 5512. Switching source and destination didn't help.

vamos_fernholz · ‎11-23-2016

I fixed that part of the problem (network object in crypto map was not defined correctly) but encountered a new problem. Will open a new thread.

Cryptomap problem