Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Asa 5510 Remote access VPN issue

Hi all!!!

I need organize 2 type of access between 2 asa 5510 - site 2 site and Remote access. VPN Peers are same for both situation.

One of peers has IP address and another has ( sw version 9.1(3) )

peer has network and peer has (interface inside) and (interface DMZ).

Need following configuretion:  must have access to via Site 2 Site VPN

also need access to via RA vpn.

When I configure ONLY ONE TYPE VPN Tunnel, it works, but I need BOTH TYPE VPN at same time.

In Log windew I see following errors:

%ASA-6-713905: Group = UserGroup, Username = User, IP = A.A.A.A,    Skipping dynamic map SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot    match peerless map when peer found in previous map entry.

%ASA-3-713061:    Group = UserGroup, Username = User, IP = A.A.A.A, Rejecting IPSec    tunnel: no matching crypto map entry for remote proxy local proxy on    interface outside Asa upgrade done short time ago, there was sw 8.2(x) verson before, and both VPN was worked correctly, after upgrade I have reseived erros above.

How can I solve this issue? (SSL VPN not a solution, IPSEC is required).

Thanks in advance.

New Member

Asa 5510 Remote access VPN issue

No ideas ?

New Member

Re: Asa 5510 Remote access VPN issue


Static Nat is solution.

I have created rule as follows:

nat (inside,outside) source static destination static no-proxy-arp