I am trying to create a dynamic VPN tunnel with a Cisco ASA 5505 and a Symantec Gateway Security 460R device and having major issues. I can successfully establish a PHASE I connection, but when it gets to PHASE 2, I get the following error on the Cisco ASA device:
AAA retrieved default group policy (DfltGrpPolicy) for user = 18.104.22.168
Group = 22.214.171.124, IP = 126.96.36.199, PHASE 1 COMPLETED
Group = 188.8.131.52, IP = 184.108.40.206, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.4.167.0/255.255.255.0/0/0 local proxy 192.168.1.0/255.255.255.0/0/0 on interface outside
Group = 220.127.116.11, IP = 18.104.22.168, QM FSM error (P2 struct &0x398ed38, mess id 0x4573604d)!
Group = 22.214.171.124, IP = 126.96.36.199, Removing peer from correlator table failed, no match!
Group = 188.8.131.52, Username = 184.108.40.206, IP = 220.127.116.11, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
10.4.167.0 is the remote subnet (Symantec Device), so the Cisco ASA sees the remote network, but is failing and disconnecting during PHASE 2 negotiations. I have set up everything on both devices to match (SA, Phrase Key, etc...), but I still get these errors. Any ideas?