No SPI to identify Phase 2 SA

Unanswered Question
Oct 17th, 2008

I have configured several tunnels on an ASA 5510. But I am trying unsuccessfully to configure another one.

This particular tunnel is completing Phase 1 successfully, but then I get the error

"No SPI to identify Phase 2 SA".

I have scoured the internet and the responses I have seen say to check to make sure both ends have the same subnet and to make sure that PFS matches on both ends.

I have gone over and over the configs and cannot find any problems.

Anyone have any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
singhsaju Fri, 10/17/2008 - 08:19


Can you post configs from both sides for us?

Also try disabling PFS from both sides and let the VPN tunnel come up with basic settings . You can add PFS later once tunnel is up.

Also post complete debugs from both sides .



Pls rate helpful posts

king06aaa Fri, 10/17/2008 - 09:04

I solved the problem. It was an ACL problem


Login or Register to take actions

This Discussion

Posted October 17, 2008 at 6:04 AM
Replies:2 Overall Rating:
Views:653 Votes:0
Tags: No tags.