I just upgraded my ASA5520 from version 7.0(1) to 7.1(2) to 7.2(2). Prior to upgrade I had a static VPN connection to a service provider's Cisco firewall. I also have configured dynamic vpns from cisco vpn clients to access our network via the 5520. Since the software upgrade, the service providers connection still works, but now my dynamic cisco VPN connectsion receive the following error:
IKE initiator: unable to find policy: Intf outside, Src: xxx.xxx.xxx.xxx, Dst yyy.yyy.yyy.y
If I put the IP of the VPN client's internet accessing the ASA into the PEER in place of the Sevice providers IP, the VPN client works.
Anyone have suggestions on how to allow the Static VPN connection to continue to work and allow dynamic VPN connections from any host to connect as they did in the 7.0(1) version? All was working well before upgrading the ASA software.