GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: PIX VPN Problem [7:111150] posted 06/23/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Check your crypto dynamic map config and transform sets.... 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] 
Sent: 22 June 2006 21:42 PM
To: cisco@xxxxxxxxxxxxxx
Subject: PIX VPN Problem [7:111150]

I'm trying to setup a Pix 515 ver7.0(4) with NAT and VPN.  Nothing
crazy, public IP on the outside interface, private network on inside
interface. 
Separate IP pool for VPN.  When I try to connect to the VPN I get this
from log.  Please advise!:

IP = 172.16.16.248, Received encrypted packet with no matching SA,
dropping

Group = modvpn, Username = detech, IP = 172.16.16.248, Session
disconnected.
Session Type: IPSec, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0,
Reason: crypto map policy not found

Group = modvpn, Username = detech, IP = 172.16.16.248, Removing peer
from correlator table failed, no match!

Group = modvpn, Username = detech, IP = 172.16.16.248, QM FSM error (P2
struct &0x1fda468, mess id 0xd018d25c)!

Group = modvpn, Username = detech, IP = 172.16.16.248, Rejecting IPSec
tunnel: no matching crypto map entry for remote proxy
10.0.1.1/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on
interface outside

Group = modvpn, Username = detech, IP = 172.16.16.248, PHASE 1 COMPLETED

Group = modvpn, Username = detech, IP = 172.16.16.248, Assigned private
IP address 10.0.1.1 to remote user

Group = modvpn, Username = detech, IP = 172.16.16.248, Client Type:
WinNT Client Application Version: 4.6.01.0019

Group = modvpn, Username = detech, IP = 172.16.16.248, Received unknown
transaction mode attribute: 28683

Group = modvpn, Username = detech, IP = 172.16.16.248, Received
unsupported transaction mode attribute: 5

AAA transaction status ACCEPT : user = detech

AAA retrieved default group policy (modvpn) for user = detech

AAA user authentication Successful : local database : user = detech
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been scanned
by Symantec Mail Security for the presence of any viruses.
**********************************************************************




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=111174&t=111150
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html