Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: NO SPI to Identify phase 2

NO SPI to Identify phase 2 10 years 11 months ago #25905

  • Sheikh
  • Sheikh's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 10
  • Thank you received: 0
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = **** IP = ****
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting

Re: NO SPI to Identify phase 2 10 years 11 months ago #25907

Make sure that your crypto map references the same ipsec encryption on both sides and your acl allows the interesting traffic you want.

i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = X.Y.Z, IP = X.Y.Z
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting

Re: NO SPI to Identify phase 2 10 years 11 months ago #25930

  • Sheikh
  • Sheikh's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 10
  • Thank you received: 0
ya i checked that i have allowed the req traffic, but intersting thing is it is randonly coming,:o

Re: NO SPI to Identify phase 2 10 years 11 months ago #25939

please post the config

Re: NO SPI to Identify phase 2 10 years 11 months ago #26062

  • Sheikh
  • Sheikh's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 10
  • Thank you received: 0
i have reconfigur that completly, now it change to another error which is "removing peer from peer table failed, no match!"

had this same error 10 years 11 months ago #26153

  • rm
  • rm's Avatar
  • Offline
  • New Member
  • New Member
  • Posts: 1
  • Thank you received: 0
i had this same error and was able to resolve it by checking the ipsec subnet on the host.

if the subnets don't match you will get:

construct_ipsec_delete(): No SPI to identify Phase 2 SA!

followed by the drop error.

just check to make sure the subnet of the host machine your attempting to connect to is correct.
  • Page:
  • 1
  • 2
Time to create page: 0.108 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup