I have a VPN Tunnel between a PIX 515E (6.3) and an ASA 5510 (7.1). The tunnel went down recently, and removing one of two crypto map statements that was going to the same destination and rebuilding the tunnel brought it back up. However, on the PIX debug isakmp still shows the following:
What does this mean, typically? Also, can one determine if this tunnel will fail again? We have two other site to site VPN tunnels on the PIX, and neither of the other two devices generate these messages. I'll send configs, if necessary.
You are getting these messages because you have not correctly removed the config for the crypto map statement on either or both of the devices. Although this error is only cosmetic and will have no effect on the performance of the tunnel. Tunnels do go down due to variety of reasons and it is very hard to determine if a tunnel may go down unless the issue is very frequent.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...