ASA 5520 to 5510 VPN Not Creating IPSEC SA's

jtmullis82
Level 1

I have an L2L IPsec tunnel built between a 5520 and 5510. I am pretty sure I have configured everything I need to, but when I do a show cry ipsec sa there is nothing there. I am sure the firewalls in between are opened up to allow the connections as well. Also, every time I configured a part of the crypto map, like the command: crypto map outside_map 10 set peer 6.7.0.13, it would come back with this error:

[IKEv1]: Ignoring msg to mark SA with specified coordinates <outside_map, 10> dead.

Any ideas?

1 Accepted Solution


Namit Agarwal
Cisco Employee

Hi,

Could you please paste the output of the following command "show run crypto" from both the ASAs? Also, what do you see when you give "show cry isa sa"?

Also, if your crypto ACLs for the tunnel have something like this: "access-list ACL extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp"

Change the ACL to ip, i.e. "access-list ACL extended permit ip host 192.168.11.11 host 10.1.100.105". Let me know if that helps.

Thanks,

Namit
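
A check for the condition the accepted answer describes, as an added example that is not part of the original thread: it scans ASA configuration text for ACLs referenced by `crypto map ... match address` and flags entries whose protocol is not `ip`, then prints the `ip` form the answer recommends. The ACL names `L2L_ACL` and `OUTSIDE_IN` and the sample configuration are constructed; the addresses and peer are the ones quoted in the thread.

```python
import re

# Constructed sample of "show run" lines (not from the original post).
# ACL names L2L_ACL and OUTSIDE_IN are hypothetical.
SAMPLE_CONFIG = """\
access-list L2L_ACL extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp
access-list L2L_ACL extended permit ip host 192.168.11.11 host 10.1.100.105
access-list OUTSIDE_IN extended permit tcp any host 10.1.100.105 eq ftp
crypto map outside_map 10 match address L2L_ACL
crypto map outside_map 10 set peer 6.7.0.13
"""

MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)\s*$")
ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+)\s+(.*)$")


def crypto_acl_findings(config):
    """Return (map, seq, acl, line) for each crypto ACL entry whose protocol is not 'ip'."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # ACL name -> list of (crypto map name, sequence number) that reference it.
    referenced = {}
    for ln in lines:
        m = MATCH_RE.match(ln)
        if m:
            referenced.setdefault(m.group(3), []).append((m.group(1), int(m.group(2))))
    findings = []
    for ln in lines:
        m = ACE_RE.match(ln)
        if not m or m.group(1) not in referenced:
            continue  # not an ACE, or an ACL that no crypto map uses
        if m.group(3).lower() != "ip":
            for map_name, seq in referenced[m.group(1)]:
                findings.append((map_name, seq, m.group(1), ln))
    return findings


def suggested_ace(line):
    """Rewrite a flagged entry as the answer does: protocol 'ip', port operators dropped."""
    m = ACE_RE.match(line)
    rest = re.sub(r"\s+(eq|neq|lt|gt)\s+\S+|\s+range\s+\S+\s+\S+", "", m.group(4))
    return f"access-list {m.group(1)} extended {m.group(2)} ip {rest.strip()}"


if __name__ == "__main__":
    for map_name, seq, acl, line in crypto_acl_findings(SAMPLE_CONFIG):
        print(f"{map_name} {seq}: {acl} entry is not 'ip': {line}")
        print(f"  suggested: {suggested_ace(line)}")
```

Run it against the "show run" output of both ASAs; the interface ACL `OUTSIDE_IN` is left alone because no crypto map references it.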
