[c-nsp] asa ipsec problem
Sergey Alexanov
salexanov at gmail.com
Mon Jun 2 07:45:56 EDT 2008
Hello all,
While configuring ipsec tunnel between ASA and ISR 1811 I've got some
negative issues:
pc host (192.168.56.1) <-----> (inside 192.168.56.56) ASA (outside x.x.x.56)
<-------> (outside x.x.x.55) ISR (lo 192.168.55.55)
When I ping from ISR to ASA everyting is ok:
ISR# ping ip 192.168.56.1 source 192.168.55.55
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.56.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.55
.!!!!
ASA# sh isa sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 82.144.192.55
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
But in vise versa ipsec tunnel is not established:
ASA# clear isa sa
PC host# ping -c 2 192.168.55.55
PING 192.168.55.55 (192.168.55.55) 56(84) bytes of data.
--- 192.168.55.55 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1010ms
and on the ASA I have seen follow debug messages:
Jun 02 03:18:07 [IKEv1]: IKE Initiator unable to find policy: Intf inside,
Src: 192.168.56.1, Dst: 192.168.55.55
Jun 02 03:18:16 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi
0x0
Jun 02 03:18:16 [IKEv1]: IKE Initiator unable to find policy: Intf inside,
Src: 192.168.56.1, Dst: 192.168.55.55
Jun 02 03:18:17 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi
0x0
Can anybody help me with this problem?
Thanks.
More information about the cisco-nsp
mailing list