Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
1
Replies

ASA5520 VPN upgrade problems

bkootstra
Level 1
Level 1

‎02-09-2007 08:48 AM - edited ‎02-21-2020 02:51 PM

I just upgraded my ASA5520 from version 7.0(1) to 7.1(2) to 7.2(2). Prior to upgrade I had a static VPN connection to a service provider's Cisco firewall. I also have configured dynamic vpns from cisco vpn clients to access our network via the 5520. Since the software upgrade, the service providers connection still works, but now my dynamic cisco VPN connectsion receive the following error:

IKE initiator: unable to find policy: Intf outside, Src: xxx.xxx.xxx.xxx, Dst yyy.yyy.yyy.y

If I put the IP of the VPN client's internet accessing the ASA into the PEER in place of the Sevice providers IP, the VPN client works.

Anyone have suggestions on how to allow the Static VPN connection to continue to work and allow dynamic VPN connections from any host to connect as they did in the 7.0(1) version? All was working well before upgrading the ASA software.

Labels:
0 Helpful
1 Reply 1

brispin
Level 1
Level 1

‎02-15-2007 06:40 AM

The following links provides a configuration example for Configuring PIX-to-Router Dynamic-to-Static IPSec With NAT

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents