Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
5
Replies

ASA L2L VPN Error

jphilope
Level 3
Level 3

‎06-11-2008 09:02 AM - edited ‎02-21-2020 03:46 PM

Hello all,

Trying to migrate our L2L VPN connections from our 3030 concentrator to our ASA 5520 running 8.0(3). It looks to be trying to establish our test tunnel. But we get the following error on the remote end: *Jun 11 16:13:15.740: No peer struct to get peer description

Any clues?

TIA,

Jim

Labels:
0 Helpful
5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

‎06-11-2008 07:15 PM

Jim,

I don't believe the asa or the other end applience will attempt to bring the tunnel up until one side sends interesting traffic, depending on how your tunnel is setup in terms who will be the initiator one side must generate traffic to bring up the tunnel. Have you tried sending pings or whichever tcp traffic you configured in your acls?

If you have sent interesting traffic and no joy I would suggest to troubleshoot fruther with debug crypto isakmp to determin where phase-1 fails.

As double check, make sure both ends coninside and perfectly match/agree on the isakmp policy settings, this is the most common stage where l2l fails at first.

Rgds

-Jorge

Jorge Rodriguez
0 Helpful

jphilope
Level 3
Level 3
In response to JORGE RODRIGUEZ

‎06-12-2008 03:56 AM

Jorge,

Thanks. The error message was debug output. Not sure what it is. Never saw this kind of message before. The ISAKMP policy do indeed match as well as the transforms. This message appears only when traffic is initiated (telnet).

Jim

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to jphilope

‎06-12-2008 05:52 AM

Hi Jim,

Are you generating the interesting traffic from a valid source, I mean from a source that you have permitted in the acl of this tunnel policy.

Can you post the complete output of debug crypto isakmp to see the flow.

After you get the complete output of above debug also post the output of show crypto isakmp sa.

Rgds

-Jorge

Jorge Rodriguez
0 Helpful

jphilope
Level 3
Level 3
In response to JORGE RODRIGUEZ

‎06-12-2008 08:44 AM

Jorge,

Thanks. Ended up being the ACL. I finally did an IP any any and it came up. Then worked backwards to refine the ACL and now all is well. I had also missed a specific route as I assumed the default would take care of it.

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to jphilope

‎06-12-2008 12:49 PM

Jim, thanks for updating the post and glad it all worked out.

Rgds

-Jorge

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents