Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

No SPI to identify phase 2 SA!

I am trying to set up site to site vpn between an asa 5510 and 5505. I ran startup wizard and VPN site to site wizard on both. When I try to ping the remote site it fails and no tunnle is brought up. The message in the log is

"NO SPI to Identify Phase 2 SA!"

Any ideas?

1 REPLY
Cisco Employee

Re: No SPI to identify phase 2 SA!

Hi,

This basically means that the ASA does not have an IPSEC SA built. Please refer the below URL and make sure that the configuration is correct on both the ASA's

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

If you are still having issues, then post the configuration from the ASA along with Isakmp and IPSEC Debugs.

Regards,

Arul

*Pls rate all helpful posts*

968
Views
0
Helpful
1
Replies
CreatePlease to create content