Cisco Support Community

New Member

ASA5502 L2L VPN with AWS VPC

Trying to build an L2L VPN with an AWS VPC. I ran into a problem at Phase 2.

local3.notice %ASA-5-713119: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 1 COMPLETED

local3.err %ASA-3-713061: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface Outside-IF

local3.err %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, QM FSM error (P2 struct &0x76073780, mess id 0xe4fcc2a0)!

local3.err %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Removing peer from correlator table failed, no match!

local3.notice %ASA-5-713259: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Session is being torn down. Reason: crypto map policy not found

local3.warn %ASA-4-113019: Group = xx.xx.xx.xx, Username = xx.xx.xx.xx, IP = xx.xx.xx.xx, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found

I checked my config against the "AWS ASA template", and I can't figure out why it wasn't working.

Of course, when I try to get help from AWS support, they keep saying that it is my ASA configuration problem causing that.

They suggest adding the following to my ASA config, but I am not convinced that those are my trouble.

crypto ipsec df-bit clear-df outside_interface
crypto ipsec security-association replay window-size 128
crypto ipsec fragmentation before-encryption Outside-IF
sysopt connection tcpmss 1387

Any suggestions?  BTW, I am running ASA version 8.4.6.

2 REPLIES
New Member

Re: ASA5502 L2L VPN with AWS VPC

Check if the encryption algorithm matches on phase 2.

Silver

Re: ASA5502 L2L VPN with AWS VPC

Match your crypto access-list entries on both the devices as well.
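
The 713061 line in the original post records the proxy identities (traffic selectors) the peer proposed in Phase 2, which is what the crypto access-list has to line up with. The script below is an added example, not part of the thread: it parses that log line and compares it with a hypothetical crypto ACL (`SAMPLE_ACL`, constructed networks). The verdict labels are this example's own simplification, not the ASA's matching logic.

```python
import ipaddress
import re

# The 713061 line from the post (peer address masked there as xx.xx.xx.xx).
SAMPLE_LOG = (
    "local3.err %ASA-3-713061: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, "
    "Rejecting IPSec tunnel: no matching crypto map entry for remote proxy "
    "0.0.0.0/0.0.0.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface Outside-IF")

# Hypothetical crypto ACL as (local, remote) pairs; constructed, not from the thread.
SAMPLE_ACL = [("10.1.0.0/255.255.0.0", "172.31.0.0/255.255.0.0")]

# Proxy fields are address/mask/protocol/port; only address and mask are used here.
PROXY_RE = re.compile(
    r"%ASA-3-713061:.*?remote proxy (?P<raddr>[\d.]+)/(?P<rmask>[\d.]+)/\d+/\d+ "
    r"local proxy (?P<laddr>[\d.]+)/(?P<lmask>[\d.]+)/\d+/\d+ "
    r"on interface (?P<ifc>\S+)")


def parse_713061(line):
    """Return the proxy identities the peer proposed, or None if not a 713061 line."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    return {
        "remote": ipaddress.ip_network(f"{m['raddr']}/{m['rmask']}"),
        "local": ipaddress.ip_network(f"{m['laddr']}/{m['lmask']}"),
        "interface": m["ifc"],
    }


def explain(line, crypto_acl):
    """Compare the proposed proxies with each (local, remote) crypto ACL pair."""
    proposed = parse_713061(line)
    if proposed is None:
        return []
    findings = []
    for local_s, remote_s in crypto_acl:
        local, remote = ipaddress.ip_network(local_s), ipaddress.ip_network(remote_s)
        if (proposed["local"], proposed["remote"]) == (local, remote):
            verdict = "match"
        elif local.subnet_of(proposed["local"]) and remote.subnet_of(proposed["remote"]):
            verdict = "peer proposal is broader than ACL entry"
        else:
            verdict = "mismatch"
        findings.append((local_s, remote_s, verdict))
    return findings


if __name__ == "__main__":
    for finding in explain(SAMPLE_LOG, SAMPLE_ACL):
        print(finding)
```
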
