Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: NO SPI to Identify phase 2

NO SPI to Identify phase 2 8 years 4 months ago #25905

  • Sheikh
  • Sheikh's Avatar
  • Offline
  • New Member
  • Posts: 10
  • Karma: 0
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = **** IP = ****
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting
The administrator has disabled public write access.

Re: NO SPI to Identify phase 2 8 years 4 months ago #25907

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
Make sure that your crypto map references the same ipsec encryption on both sides and your acl allows the interesting traffic you want.
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = X.Y.Z, IP = X.Y.Z
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting
The administrator has disabled public write access.

Re: NO SPI to Identify phase 2 8 years 4 months ago #25930

  • Sheikh
  • Sheikh's Avatar
  • Offline
  • New Member
  • Posts: 10
  • Karma: 0
ya i checked that i have allowed the req traffic, but intersting thing is it is randonly coming,:o
The administrator has disabled public write access.

Re: NO SPI to Identify phase 2 8 years 4 months ago #25939

  • Elohim
  • Elohim's Avatar
  • Offline
  • Senior Member
  • Posts: 220
  • Karma: 0
please post the config
The administrator has disabled public write access.

Re: NO SPI to Identify phase 2 8 years 4 months ago #26062

  • Sheikh
  • Sheikh's Avatar
  • Offline
  • New Member
  • Posts: 10
  • Karma: 0
i have reconfigur that completly, now it change to another error which is "removing peer from peer table failed, no match!"
The administrator has disabled public write access.

had this same error 8 years 4 months ago #26153

  • rm
  • rm's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
i had this same error and was able to resolve it by checking the ipsec subnet on the host.

if the subnets don't match you will get:

construct_ipsec_delete(): No SPI to identify Phase 2 SA!

followed by the drop error.

just check to make sure the subnet of the host machine your attempting to connect to is correct.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.082 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup