We have a problem when enabling mode configuration. ESP tunnel setup works fine without, but when we enable mode configuration in the client, our Cisco router doesn't accept the IKE phase 2 proposal.
The error seems to be "no IPSEC cryptomap exists for local address 10.0.0.10", but we can't quite understand why. 10.0.0.10 is the router's outside address, not inside, and we do have a crypto map associated with the outside interface that is set to 10.0.0.10.
Another question is where we should put the "client configuration address respond
" - on the static or the dynamic crypto map?
Any input would be highly appreciated.