Log error Cisco Pix 506E - (identity doesn't match negotiated identity)

I am seeing the follow error in my firewall logs and cannot figure out the solution:

12.108.44.10 [local4.warning] %PIX-4-402103: identity doesn't match negotiated identity (ip) dest_addr= 12.108.44.10, src_addr= 65.191.170.2, prot= icmp, (ident) local=12.108.44.10, remote=65.191.170.2, local proxy=192.168.3.5/255.255.255.255/0/0, remote_proxy=10.31.240.194/255.255.255.255/0/0

Configuration in firewall is set as:
access-list nonat permit ip 192.168.3.0 255.255.255.0 host 10.31.240.194
access-list george permit icmp host 192.168.3.5 host 10.31.240.194
access-list george permit ip host 192.168.3.5 host 10.31.240.194




freejasoAsked:
Who is Participating?
 
DanJCommented:

Error Message    %PIX-4-402103: identity doesn't match negotiated identity (ip)
dest_address= dest_address, src_addr= source_address, prot= protocol, (ident)
local=inside_address, remote=remote_address,
local_proxy=IP_address/IP_address/port/port,
remote_proxy=IP_address/IP_address/port/port
Explanation    An unencapsulated IPSec packet does not match the negotiated identity. The peer is sending other traffic through this security association. It may be due to an security association selection error by the peer. This may be a hostile event.

Recommended Action    Contact the peer's administrator to compare policy settings.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.