03-25-2010 06:52 AM
I have an ASA 5510 with a stic address and a 5505 with a dynmic.
I have created a dynamic VPN on the 5510. When the 5505 with it's dynamic address tried to connect with me I get the following errors:
Mar 25 05:45:14 [IKEv1]: IP = 213.137.6.203, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name '213.137.6.203'.
Mar 25 05:45:14 [IKEv1]: Group = DefaultRAGroup, IP = 213.137.6.203, Removing peer from peer table failed, no match!
Mar 25 05:45:14 [IKEv1]: Group = DefaultRAGroup, IP = 213.137.6.203, Error: Unable to remove PeerTblEntry
I also get a similar error when the 5505 has the Aggressive Mode disabled
Solved! Go to Solution.
03-25-2010 11:58 AM
It looks like the 5510 believes this is a L2L (site-to-site) connection request as opposed to a dynamically-established connection. It does not have a tunnel group for 213.137.6.203. You could create a tunnel group with that name to resolve this issue.
The other option is to set up the ASA's for a Remote Access (e.g., Easy VPN) connection.
Here is a URL describing how to set up L2L and Easy VPN with NEM. HTH
http://www.cisco.com/application/pdf/paws/100313/pixasa_easy_l2l_vpn.pdf
03-25-2010 11:58 AM
It looks like the 5510 believes this is a L2L (site-to-site) connection request as opposed to a dynamically-established connection. It does not have a tunnel group for 213.137.6.203. You could create a tunnel group with that name to resolve this issue.
The other option is to set up the ASA's for a Remote Access (e.g., Easy VPN) connection.
Here is a URL describing how to set up L2L and Easy VPN with NEM. HTH
http://www.cisco.com/application/pdf/paws/100313/pixasa_easy_l2l_vpn.pdf
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: