Cisco Support Community
Community Member

VPN Site-to-Site Dynamic (RV082) to Static (Pix 515e v8.x) with NAT (Errors)


Please help me, how can i set-up something right with this 2 machines?


Group = DefaultRAGroup, IP =, Error: Unable to remove PeerTblEntry
Group = DefaultRAGroup, IP =, Removing peer from peer table failed, no match!
Group = DefaultRAGroup, IP =, IKE AM Responder FSM error history (struct &0x3322c70) <state>, <event>: AM_DONE, EV_ERROR-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_BLD_MSG2, EV_BLD_MSG2_TRL-->AM_BLD_MSG2, EV_SKEYID_OK-->AM_BLD_MSG2, NullEvent-->AM_BLD_MSG2, EV_GEN_SKEYID-->AM_BLD_MSG2, EV_BLD_MSG2_HDR
IP =, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name ''.

Pix (Static):

NAT Rules:
(inside) 2 Exempt to Interface Outbound
(inside) 9 Dynamic any Interface Outside

ACL Manager:
outside_crypto_map_1 1 any to any Service: ip enable
inside_nat0_outbound nach


Group Policies
GroupPolicyIPsec internal IPSEC kein AAA Server Group

Tunnel Groups
DefaultL2LGroup IPsec Protocol GroupPolicyIPsec mit Pre-Shared Key (same of the 2 machines) - IKE Peer ID Validation : Do not check (Monitor Keep alives)

Crypto Maps

Interface outside - dynamic 1.1 any to any Service:ip - protected - ESP-DES-MD5 - PFS:group1 - NAT-T: aktiviert SA Lifetime 08:00:00 or 4608000 KB (Perfect Forwarding Secrecy D-H Group 1) and Default dynamic 65535.65535 for every Transform-Set

IKE Policies

10 - 3des - sha - D-H Group 2 - pre-share – 86400
9 - 3des - md5 - D-H Group 2 - pre-share - 28800

Certificate to Connection Profile Maps
Use the IKE identity to determine the group
Default to group: DefaultL2LGroup

RV082 (Dynamic)

Wan 1 PPPoE
Keep Alive interval 30 sec
Redial Period 30 sec


Tunnel N°1 DefaultL2LGroup - Schnittstelle WAN1 - Local IP Only - Dynamic - (IP Range bis 254) - Remote IP Only - Ip adresse - (IP range bis 254)

IPsec Setup
IKE with Preshared key -
Phase 1: DH Group2 - 3DES - MD5 - LifeTime 28800
Perfect Forward Secrecy gescheckt
Phase 2: DH Group1 - DES - MD5 - LifeTime 28800
Preshared Key: as Pix

Am I forgotten or missed something?

On the Pix are connections set with Remote Access VPN (Split Tunnel).

Thank you ahead for all your help.

All The Best


CreatePlease to create content