ASA Configuration - Unable to Establish VPN Tunnel

Trying to configured an ASA, copied configuration from previous ASA 5505 and getting the following errors, keeps looping this error.
Not sure what the issue is.

%ASA-5-713904: IP = 64.206.83.72, No crypto map bound to interface... dropping pkt
%ASA-5-713904: IP = 64.206.83.94, Received encrypted packet with no matching SA, dropping
%ASA-5-713904: IP = 64.206.83.94, No crypto map bound to interface... dropping pkt
%ASA-5-713904: IP = 64.206.83.72, No crypto map bound to interface... dropping pkt
%ASA-5-713041: IP = 64.206.83.72, IKE Initiator: New Phase 1, Intf NP Identity Ifc, IKE Peer 64.206.83.72  local Proxy Address 10.128.1.26, remote Proxy Address 64.206.83.72,  Crypto map (_vpnc_cm)
%ASA-5-111008: User 'Easy VPN Dynamic Configurator' executed the 'clear configure tunnel-group' command.
%ASA-5-111008: User 'Easy VPN Dynamic Configurator' executed the 'clear configure crypto map _vpnc_cm' command.
Tim OBrienSystems EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Have you added the config for an EazyVPN to a firewall that already has VPN tunnels configured?

Please post a sanitised config

P
Tim OBrienSystems EngineerAuthor Commented:
Apologies if I didn't answer your question, the other ASA has successful VPN connection.
I haven't configured a ASA 5505 in months, so pathetic how I forget so much.

Please see my running-config

hostname asa-XXX-XXXX
domain-name XXXXXXX
enable password 8IUpdK56RC3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 10
 shutdown
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!            
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.200.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan10
 no forward interface Vlan1
 nameif guest
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
ftp mode passive
clock timezone EST -5
clock summer-time EST recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
 domain-name XXXXXXXX.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network obj_inside
object-group network obj_guest
access-list snmp extended permit udp any any eq snmp
access-list global_access extended deny ip any any
access-list TCP extended permit tcp any any
!
tcp-map tmap
  tcp-options range 76 78 allow
!
pager lines 24
logging enable
logging console notifications
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-716.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Radius protocol radius
aaa-server Radius (inside) host 10.0.10.3
 key XXXXX
 radius-common-pw XXXXX
aaa authentication http console Radius LOCAL
aaa authentication ssh console Radius LOCAL
http server enable
http 192.168.0.0 255.255.0.0 inside
http 10.0.0.0 255.0.0.0 inside
snmp-server host inside 10.0.10.103 community XXXX version 2c
snmp-server host inside 10.0.10.24 community XXXX version 2c
snmp-server host inside 10.0.10.253 community XXXX version 2c
snmp-server host inside 10.0.10.254 community XXXX version 2c
no snmp-server location
no snmp-server contact
snmp-server community XXXX
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto isakmp identity hostname
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh 192.168.0.0 255.255.0.0 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd dns 10.0.10.3 10.0.10.8 interface inside
dhcpd domain XXXXXXX.com interface inside
!
dhcpd address 192.168.2.100-192.168.2.200 guest
dhcpd dns 8.8.8.8 8.8.4.4 interface guest
dhcpd enable guest
!
vpnclient server vpn3.XXXX.com vpn4.XXXX.com
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup VPN800SplitTunnel password XXXXX
vpnclient username pa-XXXXXXX password XXXXX
vpnclient management tunnel 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0
vpnclient enable
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.0.10.3
ntp server 10.5.0.25
webvpn        
username XXXXXXX password XXXXXXX encrypted
!
class-map cmap
 match access-list TCP
class-map voice-signaling
 match dscp af41
class-map inspection_default
 match default-inspection-traffic
class-map voice-traffic
 match dscp ef
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map pmap
 class cmap
  set connection advanced-options tmap
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect icmp
  inspect icmp error
 class cmap
  set connection advanced-options tmap
policy-map llq-policy
 class voice-traffic
  priority
 class voice-signaling
  priority
policy-map type inspect h323 H323_Low
 parameters
!            
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4744c37062dac80d33b584b3d086bb4d
: end
JustInCaseCommented:
No crypto map bound to interface... dropping pkt
As it is stated...
No crypto map is bounded to interface :)
crypto map CRYPTO_MAP_x interface outside

and also, as much as I can see, there is no crypto map created at all, there is no single crypto map command in config at all
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

Pete LongTechnical ConsultantCommented:
Predrag Jovic - Its an EasyVPN config m8 - the ASA acts like its a VPN client and connects to the VPN server with a username and password (Note his outside IP is DHCP so a static IPSEC VPN would be impractical.)

Anyway  - Poster, Remove the VPN config you have added and you will need the username and password that was setup for this EasyVPN client.

Then configure this client like this

Configure Cisco EasyVPN With Cisco ASA 5500

pete

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tim OBrienSystems EngineerAuthor Commented:
Sorry for delay in response, been working on another issue. I will update status later today or tomorrow at latest. Thanks for your input. I will try as you suggested
Tim OBrienSystems EngineerAuthor Commented:
I compared my vpn client statement to several ASA5505 which have established VPN connections and I don't see any differences.

Can you confirm that the only relevant section is:
vpnclient server vpn3.XXXX.com vpn4.XXXX.com
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup VPN800SplitTunnel password XXXXX
vpnclient username pa-XXXXXXX password XXXXX
vpnclient management tunnel 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0
vpnclient enable

Are there some debug commands which can assist me as there is something local I have configured wrong. Can't figure it out because I copied and pasted existing configurations and updated the relevant sections.
I will try tomorrow as you suggested using the ASDM to configure my Easy VPN setup but don't see how it will help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.