Phase 2 problem

Unanswered Question
Dec 4th, 2007
User Badges:

Hi.

We are having problems with our ipsec sa.


Phase 2 is failing to establish with a high number of send errors.


#send errors 411125


Debug error is


Dec 04 16:00:16 [IKEv1]: Group = 194.71.21.21, IP = 194.71.21.21, Static Crypto Map check, map = outside_map, seq = 6, ACL does not match proxy IDs src:0.0.0.0 dst:network-Local


I know this implies that a matching crypto map is not present but this WAS working until today.


Could anyone help?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mikedelafield Tue, 12/04/2007 - 07:38
User Badges:

it seems to attempt the SA as expecting using the local Ident but then attempts another using 0.0.0.0/0.0.0.0 any ideas why this would happen?

Actions

This Discussion