Phase 2 problem

Unanswered Question
Dec 4th, 2007

Hi.

We are having problems with our ipsec sa.

Phase 2 is failing to establish with a high number of send errors.

#send errors 411125

Debug error is

Dec 04 16:00:16 [IKEv1]: Group = 194.71.21.21, IP = 194.71.21.21, Static Crypto Map check, map = outside_map, seq = 6, ACL does not match proxy IDs src:0.0.0.0 dst:network-Local

I know this implies that a matching crypto map is not present but this WAS working until today.

Could anyone help?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mikedelafield Tue, 12/04/2007 - 07:38

it seems to attempt the SA as expecting using the local Ident but then attempts another using 0.0.0.0/0.0.0.0 any ideas why this would happen?

Actions

This Discussion