I am running an ASA 5510 with software version 7.2 installed and VPN set up. From a functional standpoint, VPN appears to be working fine- users can connect and access the network and internet properly. However, whenever someone is connected, I get a load of messages in the log like the following:
3 Dec 04 2006 08:58:24 713042 IKE Initiator unable to find policy: Intf inside, Src: 10.9.3.51, Dst: 10.8.1.2
10.8.1.x is the subnet that is assigned to the VPN clients. I know the description for this error says that it is "probably timing related and will most likely correct itself", but I continue to get these whenever someone is connected. Considering that when the user is connected using the cisco client, everything appears to work, it would seem that this is primarily a cosmetic issue, but I would like to get it fixed so it stops filling up my logs.
On a potentially related note, if I attempt to connect using the Apple VPN client (which uses the MS chap protocol) it also appears to connect properly, but throws the same string of errors. The difference is that while the cisco client still appears to function properly, the apple client does not- could this be a more extreme symptom of the same problem, exacerbated by the protocol being used? Thanks for any assistance that can be provided on either or both of these errors.
Makes sense, except that it is an ipsec-ra tunnel, not an ipsec-L2L tunnel. Unless of course, I'm just not understanding the terminology, which is entirely possible. Either way, how might I go about fixing the issue? Thanks for the response!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :