Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2061
Views
0
Helpful
1
Replies

IPSEC Client phase 2 issue on ASA - No crypto map policy found

carl_townshend
Spotlight
Spotlight

‎12-17-2015 09:35 AM - edited ‎02-21-2020 08:35 PM

Hi all

I have just created a remote access policy for ike v1 client access on my ASA, This is for Avaya vpn phones using xauth.

Phase 1 works fine but when it then gets to phase 2, its coming up with the below

3 Dec 17 2015 17:21:54 713061 Group = VPNPHONE, Username = XXXX, IP = X.X.X.X, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.30.6.71/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface Outside
5 Dec 17 2015 17:21:54 713259 Group = VPNPHONE, Username = XXXX, IP = X.X.X.X, Session is being torn down. Reason: crypto map policy not found

what is causing this please and how do I fix it ?

Labels:
0 Helpful
1 Reply 1

Jon Are Endrerud
Level 3
Level 3

‎12-17-2015 12:36 PM

Looks like the crypto ACL does not mirror image between this site and the other site.

The crypto map for the IPsec tunnel must be the same.

The error says that the phone has 172.30.6.71/255.255.255.255/0/0, and the ASA has 0.0.0.0/0.0.0.0/0/0 on interface Outside. Locate the "crypto map" setting under VPN in ASDM and change this.

Please rate as helpful, if that would be the case. Thanx
0 Helpful
Customers Also Viewed These Support Documents