Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: NO SPI to Identify phase 2

NO SPI to Identify phase 2 10 years 1 month ago #25905

  • Sheikh
  • Sheikh's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 10
  • Thank you received: 0
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = **** IP = ****
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting

Please Log in to join the conversation.

Re: NO SPI to Identify phase 2 10 years 1 month ago #25907

Make sure that your crypto map references the same ipsec encryption on both sides and your acl allows the interesting traffic you want.

i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = X.Y.Z, IP = X.Y.Z
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting

Please Log in to join the conversation.

Re: NO SPI to Identify phase 2 10 years 1 month ago #25930

  • Sheikh
  • Sheikh's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 10
  • Thank you received: 0
ya i checked that i have allowed the req traffic, but intersting thing is it is randonly coming,:o

Please Log in to join the conversation.

Re: NO SPI to Identify phase 2 10 years 1 month ago #25939

please post the config

Please Log in to join the conversation.

Re: NO SPI to Identify phase 2 10 years 1 month ago #26062

  • Sheikh
  • Sheikh's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 10
  • Thank you received: 0
i have reconfigur that completly, now it change to another error which is "removing peer from peer table failed, no match!"

Please Log in to join the conversation.

had this same error 10 years 1 month ago #26153

  • rm
  • rm's Avatar
  • Offline
  • New Member
  • New Member
  • Posts: 1
  • Thank you received: 0
i had this same error and was able to resolve it by checking the ipsec subnet on the host.

if the subnets don't match you will get:

construct_ipsec_delete(): No SPI to identify Phase 2 SA!

followed by the drop error.

just check to make sure the subnet of the host machine your attempting to connect to is correct.

Please Log in to join the conversation.

  • Page:
  • 1
  • 2
Time to create page: 0.162 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup