Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
908
Views
0
Helpful
2
Replies

No SPI to identify Phase 2 SA

king06aaa
Level 1
Level 1

‎10-17-2008 06:04 AM - edited ‎03-09-2019 09:41 PM

I have configured several tunnels on an ASA 5510. But I am trying unsuccessfully to configure another one.

This particular tunnel is completing Phase 1 successfully, but then I get the error

"No SPI to identify Phase 2 SA".

I have scoured the internet and the responses I have seen say to check to make sure both ends have the same subnet and to make sure that PFS matches on both ends.

I have gone over and over the configs and cannot find any problems.

Anyone have any ideas?

Labels:
0 Helpful
2 Replies 2

singhsaju
Level 4
Level 4

‎10-17-2008 08:19 AM

Hi,

Can you post configs from both sides for us?

Also try disabling PFS from both sides and let the VPN tunnel come up with basic settings . You can add PFS later once tunnel is up.

Also post complete debugs from both sides .

HTH

Saju

Pls rate helpful posts

0 Helpful

king06aaa
Level 1
Level 1
In response to singhsaju

‎10-17-2008 09:04 AM

I solved the problem. It was an ACL problem

0 Helpful
Customers Also Viewed These Support Documents