I have remote access VPN issue, like this description (link is below):
Cisco Device: ASA 5510 Security plus
It's a very common issue and generally happens when you try to connect the VPN client from the same location which has a site to site VPN with the device. For example if you try to connect the VPN client to the ASA and your public Ip is 184.108.40.206 and on the same ASA if you have a Site to Site VPN already connnect with an IP address 220.127.116.11 you will see the following error in the debug:
"cannot match peerless map when peer found in previous map entry."
Here are error logs:
%ASA-6-713905: Group = UserGroup, Username = User, IP = A.A.A.A, Skipping dynamic map SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot match peerless map when peer found in previous map entry.
%ASA-3-713061: Group = UserGroup, Username = User, IP = A.A.A.A, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.37.10.250/255.255.255.0//0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
I've got the same issue on ASA-SM (9.1(3)). As far as I know ASA can't create new ISAKMP SA try to connect by VPNclient from location which has a L2L VPN with ASA. It must uniquely identify remote peer at Phase 1 in order to create the SA phase 1 after peer authentication. I guess your issue is connecting with enabled NAT-T feature in Dynamic crypto. So what cisco talk about this:
"The ASA supports multiple IPsec peers behind a single NAT/PAT device operating in one of the following networks, but not both:
In a mixed environment, the remote access tunnels fail the negotiation because all peers appear to be coming from the same public IP address, address of the NAT device. Also, remote access tunnels fail in a mixed environment because they often use the same name as the LAN-to-LAN tunnel group (that is, the IP address of the NAT device). This match can cause negotiation failures among multiple peers in a mixed LAN-to-LAN and remote access network of peers behind the NAT device."
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :