07-03-2008 07:09 PM - edited 03-11-2019 06:09 AM
Hi, I have set up an ASA 5505, and on the other site we are using a songate FW. I have set up a tunnel between both devices, and when I run the command sh isakmp it shows the tunnel status is active, but when I try to ping any device or try to open any server it doesn't respond. I checked the ASDM logs and found this error: "Received encrypted packet with no matching SA, dropping". Please advise. Thanks.
07-03-2008 08:37 PM
sh crypto isa sa
sh crypto ipsec sa
07-05-2008 03:14 AM
I have used both of the above commands and they show me that the tunnel is in Active mode. And only for the time being, I am able to ping the other site servers, otherwise not. Please advise. I checked the logs and found: Received encrypted packet with no matching SA, dropping.... Please advise
07-06-2008 08:35 AM
Please advise....
07-06-2008 09:26 AM
Hi,
Make sure your lifetime is the same on both sides, and sysopt conn ipsec is permit.
07-06-2008 09:59 AM
Show the configurations on both sides.
07-06-2008 02:57 PM
You mentioned that you have a Stonegate firewall on the other side? Is that correct?
If this is the case, Stonegate uses Checkpoint technologies. Therefore, I kinda suspect that it supernets the network on its end and sends it over to Cisco. That will definitely break the VPN.
Check the VPN encryption on the Stonegate's side and make sure that you do not have a supernet on Stonegate. I am not familiar with Stonegate, but in Checkpoint you modify the parameter "IKE_largest_possible_subnet" from true to false. You can also modify the $FWDIR/conf/user.def file and make sure you include the networks behind the Stonegate firewall.
What version of stonegate are you running?
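The supernetting mismatch described in the post above, as an added example that is not part of the original thread: it models how a peer that merges adjacent networks ends up offering a traffic selector the other side has no matching entry for. The networks are constructed sample values, and the merge rule and the exact-match check are simplifying assumptions, not a description of how any particular firewall behaves.

```python
import ipaddress


def proposed_selectors(encryption_domain, supernet=True):
    """Networks a peer would offer as IPsec traffic selectors.

    Simplified model (assumption): with supernetting on, adjacent or
    overlapping networks in the encryption domain are merged into the
    largest covering prefixes; with it off, each network is offered as is.
    """
    nets = [ipaddress.ip_network(n) for n in encryption_domain]
    if supernet:
        return sorted(ipaddress.collapse_addresses(nets))
    return sorted(nets)


def unmatched_selectors(peer_offers, asa_remote_networks):
    """Offered selectors with no exact match among the remote networks
    listed in the ASA crypto ACL (assumption: only exact mirrors match)."""
    configured = {ipaddress.ip_network(n) for n in asa_remote_networks}
    return [str(n) for n in peer_offers if n not in configured]


# Constructed sample values: two adjacent /24s behind the remote firewall,
# mirrored one-for-one in the ASA crypto ACL.
PEER_DOMAIN = ["192.168.10.0/24", "192.168.11.0/24"]
ASA_REMOTE = ["192.168.10.0/24", "192.168.11.0/24"]

if __name__ == "__main__":
    for flag in (True, False):
        offers = proposed_selectors(PEER_DOMAIN, supernet=flag)
        bad = unmatched_selectors(offers, ASA_REMOTE)
        print(f"supernet={flag}: offers={[str(o) for o in offers]} "
              f"unmatched={bad}")
```

Any selector reported as unmatched is a network to compare against the crypto ACL on the ASA and the encryption domain on the peer.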