I am testing VPN tunnels in a lab. I have the following (simple) setup:
- one ASA5505 has an "inside" interface with address 184.108.40.206/24 and an "outside" interface with address 220.127.116.11/24
- one computer with address 18.104.22.168/24 ("Client") is connected to the "inside" interface
- one ASA5510 has an "inside" interface with address 22.214.171.124/24 and an "outside" interface with address 126.96.36.199/24
- one computer with address 188.8.131.52/24 ("Server") is connected to the "inside" interface
- both "outside" interfaces are connected through a layer 2 switch
I had a VPN tunnel between them using "Main mode", and that worked without a problem.
But in my target system, the ASA5505 will be connected to a router with a dynamic IP address, and so I need to use "Aggressive mode", where the ASA5510 will have a static address on the "outside" interface. The ASA5505 will therefore initiate the VPN session.
I am using the ASDM, by the way.
I have the VPN tunnel established, but I am unable to ping from either side.
When I ping the Server from the Client, the ASA5505 gives me the expected "Built/Teardown ICMP connection...", but the ASA5510 says "IKE Initiator unable to find policy: Intf inside, Src: 184.108.40.206, Dst: 220.127.116.11". So the ping makes it to the Server, but the reply can't find its way back out.
When I ping the client from the Server, I get the same message on the ASA5510: "IKE Initiator unable to find policy: Intfc inside, Src: 18.104.22.168, Dst: 22.214.171.124".
I attach the configuration on the ASA5510.
I checked similar posts, but the root problem seemed to be different.
I just ran into an issue with the same message. My problem was that there was another tunnel set up with the same remote end IP address. So there were two tunnels with the same destination subnet on two separate crypto maps, and the firewall didn't know which tunnel to send them across.