I have configured a VPN remote access in my ASA 5510 with the following situation: The remote client connects to ASA and receive an ip. The connection authenticates perfectly but the traffic doesn't work. I saw ASA's log and got the following answer from it: 713042: IKE Initiator unable to find policy: Intf 1, Src: 192.168.1.51, Dst: 192.168.2.129. I checked it and the configurations seemed to be correct.
Could anyone help my solve this problem?
ip local pool HLG-VPN-POOL 192.168.2.129-192.168.2.190 mask 255.255.255.192
group-policy HLG-VPN internal
group-policy HLG-VPN attributes
split-tunnel-network-list value HLG-VPN_splitTunnelAcl
dns-server value 192.168.1.51 192.168.1.50
default-domain value hlg.com
tunnel-group HLG-VPN type ipsec-ra
tunnel-group HLG-VPN general-attributes
tunnel-group HLG-VPN ipsec-attributes
crypto dynamic-map dynmap 150 set transform-set ESP-3DES-MD5
Explanation This message indicates that the IPSec fast path processed a packet that triggered IKE, but IKE's policy lookup failed. This error could be timing related. The ACLs that triggered IKE might have been deleted before IKE processed the initiation request. This problem will most likely correct itself.
Explanation If the condition persists, check the L2L configuration, paying special attention to the ACLs associated with crypto maps.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :