Cisco Support Community

VPN between Cisco ASA 5510 and Cisco RV180W Wireless Multifunction VPN Firewall

A business partner and I are creating a site-to-site VPN between our organizations. The tunnel seems to come up, but then I get a strange error. IKE and IPsec seem to get built correctly from what I am seeing in the firewall logs. Here is the problem:

The remote peer and near peer are negotiating correctly:

The remote peer has created a one-to-one NAT on the RV180W for the workstation that will be connecting to a specific host on the local end. This address is different than the public address of the peer. This host appears to be working correctly; when they perform a "what is my IP" on the internet, this address comes up. When they initiate a connection from the remote host to the local host, I see the tunnel allow the connection, but then it is followed by this error:

IPSEC: Received an ESP packet (SPI= 0xE237DB8E, sequence number= 0x549) from REMOTE PEER to LOCAL PEER.  The decapsulated inner packet doesn't match the negotiated policy in the SA.  The packet specifies its destination as LOCAL HOST IP, its source as REMOTE HOST PRIVATE IP, and its protocol as tcp.  The SA specifies its local proxy as LOCAL HOST IP and its remote_proxy as REMOTE HOST NAT'ED IP.

Best I can tell, the NAT on the remote end is configured correctly, and all policies and NATs are configured correctly on the local end, but this error is saying that the remote host IP is initiating the connection when it should be NATed. I am unfamiliar with the RV180W device, as it is a SOHO device and it can only be configured using the GUI, according to the person that I am working with.

The strange thing is that there is another firewall between the VPN terminating device and the local host. I am seeing the hit count on the ACL increment, but the connection is never successful.
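Added example, not part of the original post: a small Python parser for the ASA message quoted above that compares the decapsulated packet's addresses with the SA's proxy identities and reports which one is out of policy. The function names, the sample addresses (documentation and private ranges standing in for the post's redacted placeholders) and the `addr/mask/proto/port` selector form are assumptions.

```python
import ipaddress
import re

# Regex follows the wording of the ASA message quoted in the post.
LOG_RE = re.compile(
    r"Received an ESP packet \(SPI= (?P<spi>0x[0-9A-Fa-f]+), "
    r"sequence number= (?P<seq>0x[0-9A-Fa-f]+)\) from (?P<peer>\S+).*? to "
    r"(?P<local>\S+?)\.\s.*?destination as (?P<dst>[\d.]+), its source as "
    r"(?P<src>[\d.]+), and its protocol as (?P<proto>\w+)\.\s+The SA specifies "
    r"its local proxy as (?P<lproxy>\S+) and its remote_proxy as (?P<rproxy>\S+?)\.?$"
)

def proxy_network(text):
    """Accept a bare host address or an addr/mask[/proto/port] selector (assumed forms)."""
    parts = text.split("/")
    mask = parts[1] if len(parts) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{parts[0]}/{mask}", strict=False)

def diagnose(line):
    """Return which inner-packet fields fall outside the SA's proxy identities."""
    m = LOG_RE.search(line.strip())
    if m is None:
        return None
    checks = {
        "source": (ipaddress.ip_address(m["src"]), proxy_network(m["rproxy"])),
        "destination": (ipaddress.ip_address(m["dst"]), proxy_network(m["lproxy"])),
    }
    mismatches = [name for name, (addr, net) in checks.items() if addr not in net]
    return {"spi": m["spi"], "seq": int(m["seq"], 16), "peer": m["peer"],
            "inner_src": m["src"], "expected_src": m["rproxy"], "mismatches": mismatches}

# Constructed sample: the post's message with documentation/private addresses
# substituted for its redacted placeholders.
SAMPLE = (
    "IPSEC: Received an ESP packet (SPI= 0xE237DB8E, sequence number= 0x549) "
    "from 203.0.113.10 to 198.51.100.1.  The decapsulated inner packet doesn't "
    "match the negotiated policy in the SA.  The packet specifies its destination "
    "as 10.10.10.5, its source as 192.168.1.25, and its protocol as tcp.  The SA "
    "specifies its local proxy as 10.10.10.5 and its remote_proxy as 203.0.113.20."
)

if __name__ == "__main__":
    result = diagnose(SAMPLE)
    print(result)
    if result and "source" in result["mismatches"]:
        print("Inner source was not translated to the negotiated remote_proxy "
              "before the peer encrypted it.")
```

A `source` mismatch means the peer encapsulated the packet with an address other than the negotiated remote selector, so the check to make is on the sending side's NAT and VPN policy ordering rather than on the receiving firewall's ACLs.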
