I have a weird problem with a VPN I have to configure.
All the config is correct and the VPN is up and running (so it seems).
I do get inbound traffic but no outbound. When I look in the ASDM I get the following syslog message:
%ASA-3-713042: IKE Initiator unable to find policy: Intf outside, Src: 172.23.1.12, Dst: 10.100.3.115
I have never seen this problem before and Cisco advises to check the access-lists, but these are correct. Has anyone experienced this problem before? And if so, what did you do to fix it?
I'll post the bits of the config that matter here:
access-list nonat extended permit ip host 172.23.1.12 10.100.2.0 255.255.255.0
access-list nonat extended permit ip host 172.23.1.12 10.100.3.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list VPNordina extended permit ip host 172.23.1.12 10.100.2.0 255.255.255.0
access-list VPNordina extended permit ip host 172.23.1.12 10.100.3.0 255.255.255.0
crypto map remote 10 match address VPNordina
crypto map remote 10 set peer 81.XXX.XXX.XXX
crypto map remote 10 set transform-set standaard
2 IKE Peer: 81.XXX.XXX.XXX
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
local ident (addr/mask/prot/port): (172.23.1.12/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.100.2.0/255.255.254.0/0/0)
Well, the problem was at the other side... they messed up their access-list. They reconfigured the access-list and the tunnel worked perfectly.
This is exactly the reason why I don't like making VPN tunnels with a 3rd party. >.<
Currently working as Cisco Engineer at Neon-Networking.
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
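The clue is visible in the output posted above: the local crypto ACL VPNordina has two /24 entries (10.100.2.0/24 and 10.100.3.0/24), but the negotiated remote ident is 10.100.2.0/255.255.254.0, a single /23 that the peer proposed. The two sides' proxy identities are not mirror images, so when the ASA itself tries to initiate for 10.100.3.x it cannot find a crypto map entry matching that SA, which is what 713042 reports. The following is an added example, not part of the original post or of any Cisco tooling: a small Python checker that parses ASA "permit ip" ACEs and compares them against the local/remote idents from "show crypto ipsec sa", reporting whether the proposal is an exact match for some ACE or merely overlaps several. The ACL lines and idents are taken from the post; the "corrected" ident used in the usage call is a constructed value.

```python
import ipaddress

# Constructed from the crypto ACL posted above.
LOCAL_CRYPTO_ACL = [
    "access-list VPNordina extended permit ip host 172.23.1.12 10.100.2.0 255.255.255.0",
    "access-list VPNordina extended permit ip host 172.23.1.12 10.100.3.0 255.255.255.0",
]

# Constructed from the "local ident" / "remote ident" lines in the post.
NEGOTIATED_LOCAL_IDENT = "172.23.1.12/255.255.255.255"
NEGOTIATED_REMOTE_IDENT = "10.100.2.0/255.255.254.0"


def parse_ace(line):
    """Return (src_net, dst_net) from an ASA 'permit ip' ACE.

    Handles the 'host A.B.C.D', 'any' and 'NET MASK' address forms used in
    extended access-lists; other protocols/ports are out of scope here.
    """
    tokens = line.split()
    i = tokens.index("ip") + 1
    nets = []
    for _ in range(2):
        if tokens[i] == "host":
            nets.append(ipaddress.ip_network(tokens[i + 1] + "/32"))
            i += 2
        elif tokens[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            i += 1
        else:
            # ipaddress accepts the dotted-mask form "10.100.2.0/255.255.255.0"
            nets.append(ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False))
            i += 2
    return nets[0], nets[1]


def check_proxy_ids(acl_lines, local_ident, remote_ident):
    """Compare negotiated proxy identities with the local crypto ACL.

    Returns a dict with:
      exact_match  - True if some ACE is exactly (local -> remote)
      overlapping  - ACEs whose src/dst overlap the idents without matching exactly
    A proposal that only overlaps (e.g. one /23 against two /24 ACEs) is the
    classic non-mirrored crypto ACL that produces 713042 on the initiating side.
    """
    local_net = ipaddress.ip_network(local_ident, strict=False)
    remote_net = ipaddress.ip_network(remote_ident, strict=False)
    exact = False
    overlapping = []
    for line in acl_lines:
        src, dst = parse_ace(line)
        if src == local_net and dst == remote_net:
            exact = True
        elif src.overlaps(local_net) and dst.overlaps(remote_net):
            overlapping.append(line)
    return {"exact_match": exact, "overlapping": overlapping}


if __name__ == "__main__":
    result = check_proxy_ids(LOCAL_CRYPTO_ACL, NEGOTIATED_LOCAL_IDENT, NEGOTIATED_REMOTE_IDENT)
    print("exact match:", result["exact_match"])
    for ace in result["overlapping"]:
        print("overlaps but does not mirror:", ace)
    # Constructed "after the fix" check: peer proposes the /24 the local ACL expects.
    fixed = check_proxy_ids(LOCAL_CRYPTO_ACL, NEGOTIATED_LOCAL_IDENT, "10.100.2.0/255.255.255.0")
    print("exact match after peer corrects its ACL:", fixed["exact_match"])
```

Running it against the posted output reports no exact match and both /24 ACEs as overlapping, which is the mismatch the other side eventually corrected; run the same check against the peer's ACL (in mirrored form) before blaming your own config.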