aime14
asked on
Rejecting IPSec tunnel
Hi All,
Iam setting up a VPN site to Site with a Fortigate router, It shows the Phase 1 is completed and the second phase is not able to complete. The error log shows errors that not matching the crypto map entry. Please find the errors as follows,
AAA retrieved default group policy (DfltGrpPolicy) for user = 217.112.144.84
Group = 217.112.144.84, IP = 217.112.144.84, Freeing previously allocated memory for authorization-dn-attribute
IP = 217.112.144.84, Received encrypted packet with no matching SA, dropping
Group = 217.112.144.84, Username = 217.112.144.84, IP = 217.112.144.84, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
Group = 217.112.144.84, IP = 217.112.144.84, Removing peer from correlator table failed, no match!
Group = 217.112.144.84, IP = 217.112.144.84, QM FSM error (P2 struct &0x395e020, mess id 0x7ed53fbb)!
Group = 217.112.144.84, IP = 217.112.144.84, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 217.112.144.84/255.255.255
Group = 217.112.144.84, IP = 217.112.144.84, PHASE 1 COMPLETED
The configs of ASA is also attached.
Thanks in advance,
Regards..
ezetop-configs.txt
Iam setting up a VPN site to Site with a Fortigate router, It shows the Phase 1 is completed and the second phase is not able to complete. The error log shows errors that not matching the crypto map entry. Please find the errors as follows,
AAA retrieved default group policy (DfltGrpPolicy) for user = 217.112.144.84
Group = 217.112.144.84, IP = 217.112.144.84, Freeing previously allocated memory for authorization-dn-attribute
IP = 217.112.144.84, Received encrypted packet with no matching SA, dropping
Group = 217.112.144.84, Username = 217.112.144.84, IP = 217.112.144.84, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
Group = 217.112.144.84, IP = 217.112.144.84, Removing peer from correlator table failed, no match!
Group = 217.112.144.84, IP = 217.112.144.84, QM FSM error (P2 struct &0x395e020, mess id 0x7ed53fbb)!
Group = 217.112.144.84, IP = 217.112.144.84, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 217.112.144.84/255.255.255
Group = 217.112.144.84, IP = 217.112.144.84, PHASE 1 COMPLETED
The configs of ASA is also attached.
Thanks in advance,
Regards..
ezetop-configs.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.