Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

No SPI to identify Phase 2 SA

I have configured several tunnels on an ASA 5510. But I am trying unsuccessfully to configure another one.

This particular tunnel is completing Phase 1 successfully, but then I get the error

"No SPI to identify Phase 2 SA".

I have scoured the internet and the responses I have seen say to check to make sure both ends have the same subnet and to make sure that PFS matches on both ends.

I have gone over and over the configs and cannot find any problems.

Anyone have any ideas?

  • Other Security Subjects
2 REPLIES
Silver

Re: No SPI to identify Phase 2 SA

Hi,

Can you post configs from both sides for us?

Also try disabling PFS from both sides and let the VPN tunnel come up with basic settings . You can add PFS later once tunnel is up.

Also post complete debugs from both sides .

HTH

Saju

Pls rate helpful posts

New Member

Re: No SPI to identify Phase 2 SA

I solved the problem. It was an ACL problem

682
Views
0
Helpful
2
Replies