Solved

Rejecting IPSec tunnel

Posted on 2008-06-17
2
7,069 Views
Last Modified: 2011-10-19
Hi All,

Iam setting up a VPN site to Site with a Fortigate router, It shows the Phase 1 is completed and the second phase is not able to complete. The error log shows errors that not matching the crypto map entry. Please find the errors as follows,
AAA retrieved default group policy (DfltGrpPolicy) for user = 217.112.144.84

Group = 217.112.144.84, IP = 217.112.144.84, Freeing previously allocated memory for authorization-dn-attributes

IP = 217.112.144.84, Received encrypted packet with no matching SA, dropping

Group = 217.112.144.84, Username = 217.112.144.84, IP = 217.112.144.84, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found

Group = 217.112.144.84, IP = 217.112.144.84, Removing peer from correlator table failed, no match!

Group = 217.112.144.84, IP = 217.112.144.84, QM FSM error (P2 struct &0x395e020, mess id 0x7ed53fbb)!

Group = 217.112.144.84, IP = 217.112.144.84, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 217.112.144.84/255.255.255.255/0/0 local proxy 192.168.25.0/255.255.255.0/0/0 on interface outside

Group = 217.112.144.84, IP = 217.112.144.84, PHASE 1 COMPLETED

The configs of ASA is also attached.

Thanks in advance,

Regards..
ezetop-configs.txt
0
Comment
Question by:aime14
2 Comments
 
LVL 7

Accepted Solution

by:
mabutterfield earned 500 total points
ID: 21803464
It looks like your encryption domains don't match.  The fortigate is trying to setup VPN for 192.168.25.0/24 on your end.  

You should adjust your cryptomap ACL.  


access-list outside_1_cryptomap extended permit ip host 213.255.196.50 host 217.112.144.84

should be

access-list outside_1_cryptomap extended permit ip 192.168.25.0 255.255.255.0 host 217.112.144.84
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5520 problem with Failover in Active/Standby 8 74
Line cards, Supervisor, Control plane 7 38
Auto Smartport macro for Dell and HP laptops 2 74
Cisco WAP POE power 28 82
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Let’s list some of the technologies that enable smooth teleworking. 
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question