Hope someone can help here.
We have a site-to-site tunnel established as per the config below. And someone on these forums recommended the config as a primary/backup VPN.
crypto map outside_vpn 11 match address VPN-TO-CUST
crypto map outside_vpn 11 set peer CUST_ENDPOINT_A
crypto map outside_vpn 11 set transform-set strong
crypto map outside_vpn 12 match address VPN-TO-CUST
crypto map outside_vpn 12 set peer CUST_ENDPOINT_B
crypto map outside_vpn 12 set transform-set strong
Now, the primary VPN works fine. A remote host can ping the external interface of our firewall over the VPN when VPN-A is up.
When VPN-A fails, VPN-B is built. But this tunnel will only accept traffic and will not transmit.
I get the following error.
Denied ICMP type=8, code=0 from 10.39.10.194 on interface Outside
IKE Initiator unable to find policy: Intf Outside, Src: x.x.x.x, Dst: 10.39.10.194
Where x.x.x.x is the external IP.
Please help me fix this problem.