No SPI to identify Phase 2 SA

Unanswered Question
Oct 17th, 2008
User Badges:

I have configured several tunnels on an ASA 5510. But I am trying unsuccessfully to configure another one.


This particular tunnel is completing Phase 1 successfully, but then I get the error

"No SPI to identify Phase 2 SA".


I have scoured the internet and the responses I have seen say to check to make sure both ends have the same subnet and to make sure that PFS matches on both ends.


I have gone over and over the configs and cannot find any problems.


Anyone have any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
singhsaju Fri, 10/17/2008 - 08:19
User Badges:
  • Silver, 250 points or more

Hi,

Can you post configs from both sides for us?


Also try disabling PFS from both sides and let the VPN tunnel come up with basic settings . You can add PFS later once tunnel is up.


Also post complete debugs from both sides .


HTH

Saju

Pls rate helpful posts

Actions

This Discussion