The problem we have is that after 8 hours the phase 2 tries to rekey, and the renegotiation does not match what it did the first time. The ASA sees it picked up by the outside_dyn_map crypto map, as for some reason it is not matched by my defined VPNMAP crypto map, which is what it needs to work properly.
peer address: 200.x.x.x
Crypto map tag: outside_dyn_map, seq num: 50, local addr: 80.x.x.x
access-list ODAM permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)