Site to Site VPN Problem

Unanswered Question
May 4th, 2007
User Badges:

I am trying to create a dynamic VPN tunnel with a Cisco ASA 5505 and a Symantec Gateway Security 460R device and having major issues. I can successfully establish a PHASE I connection, but when it gets to PHASE 2, I get the following error on the Cisco ASA device:

AAA retrieved default group policy (DfltGrpPolicy) for user =


Group =, IP =, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy local proxy on interface outside

Group =, IP =, QM FSM error (P2 struct &0x398ed38, mess id 0x4573604d)!

Group =, IP =, Removing peer from correlator table failed, no match!

Group =, Username =, IP =, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found is the remote subnet (Symantec Device), so the Cisco ASA sees the remote network, but is failing and disconnecting during PHASE 2 negotiations. I have set up everything on both devices to match (SA, Phrase Key, etc...), but I still get these errors. Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Fri, 05/04/2007 - 11:24
User Badges:
  • Green, 3000 points or more

Can you post ASA config? Most likely a problem with your crypto acl.


This Discussion