Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA: Site-to-Site using dynamic IP (ISP)

Hi,

I tried to configure a Site-to-Site VPN using an ASA 5520. The remote peer (Draytec 2950) has an internet connection using dynamic ip addresses. At my ASA I did create an connection profile. If I set the current wan-ip-address of the remote peer the tunnel will become active and the site-to-site vpn is working fine. But if I disable 'Peer IP Address = static' at the connection profile, the vpn will not work...

Error messages:

Aug  1 09:24:15 ASA-5520 :%ASA-vpn-4-713903: IP = <current-wan-ip-of-remote-peer>, Header invalid, missing SA payload! (next payload = 4)

Aug  1 09:25:00 ASA-5520 :%ASA-vpn-4-713903: Group = <current-wan-ip-of-remote-peer>, IP = <current-wan-ip-of-remote-peer>, Can't find a valid tunnel group, aborting...!

thank you in advance

kind regards

daniel

  • VPN
Everyone's tags (4)
748
Views
0
Helpful
0
Replies