Rejecting IPSec tunnel: no matching crypto map entry for remote proxy on interface outside.
I have read a problem where the VPN between an ISP and ourselves started dropping sessions. I have rebuilt the crypto map and tried to dig deeper into my config and some basic troubleshooting while I await the ISP to respond.
5 Jun 13 15:46:25 713904 IP = 209.183.xxx.xxx, Received encrypted packet with no matching SA, dropping
4 Jun 13 15:46:25 113019 Group = 209.183.xxx.xxx, Username = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
3 Jun 13 15:46:25 713902 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Removing peer from correlator table failed, no match!
3 Jun 13 15:46:25 713902 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, QM FSM error (P2 struct &0xda90f540, mess id 0x76c09eb7)!
3 Jun 13 15:46:25 713061 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.16.0.0/255.255.240.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
5 Jun 13 15:46:25 713119 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, PHASE 1 COMPLETED
6 Jun 13 15:46:25 113009 AAA retrieved default group policy (DfltGrpPolicy) for user = 209.183.xxx.xxx
6 Jun 13 15:46:25 713172 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...