- Posts: 10
- Thank you received: 0
NO SPI to Identify phase 2
16 years 7 months ago #25905
by Sheikh
NO SPI to Identify phase 2 was created by Sheikh
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.
Apr 28 2008 03:15:03 713900 Group = **** IP = ****
construct_ipsec_delete(): No SPI to identify Phase 2 SA!
waiting
it shows me the following error when i check the syslog. can any one help me to resolve this.
Apr 28 2008 03:15:03 713900 Group = **** IP = ****
construct_ipsec_delete(): No SPI to identify Phase 2 SA!
waiting
16 years 7 months ago #25907
by Elohim
Replied by Elohim on topic Re: NO SPI to Identify phase 2
Make sure that your crypto map references the same ipsec encryption on both sides and your acl allows the interesting traffic you want.
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.
Apr 28 2008 03:15:03 713900 Group = X.Y.Z, IP = X.Y.Z
construct_ipsec_delete(): No SPI to identify Phase 2 SA!
waiting
16 years 7 months ago #25930
by Sheikh
Replied by Sheikh on topic Re: NO SPI to Identify phase 2
ya i checked that i have allowed the req traffic, but intersting thing is it is randonly coming,
16 years 7 months ago #25939
by Elohim
Replied by Elohim on topic Re: NO SPI to Identify phase 2
please post the config
16 years 7 months ago #26062
by Sheikh
Replied by Sheikh on topic Re: NO SPI to Identify phase 2
i have reconfigur that completly, now it change to another error which is "removing peer from peer table failed, no match!"
16 years 7 months ago #26153
by rm
Replied by rm on topic had this same error
i had this same error and was able to resolve it by checking the ipsec subnet on the host.
if the subnets don't match you will get:
construct_ipsec_delete(): No SPI to identify Phase 2 SA!
followed by the drop error.
just check to make sure the subnet of the host machine your attempting to connect to is correct.
if the subnets don't match you will get:
construct_ipsec_delete(): No SPI to identify Phase 2 SA!
followed by the drop error.
just check to make sure the subnet of the host machine your attempting to connect to is correct.
Time to create page: 0.132 seconds