Skip to main content

NO SPI to Identify phase 2

More
16 years 6 months ago #25905 by Sheikh
i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = **** IP = ****
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting
More
16 years 6 months ago #25907 by Elohim
Make sure that your crypto map references the same ipsec encryption on both sides and your acl allows the interesting traffic you want.

i am trying to configure one more vpn through my ASA. my phase one is connected but it did not connect in ipsec phase
it shows me the following error when i check the syslog. can any one help me to resolve this.

Apr 28 2008 03:15:03 713900 Group = X.Y.Z, IP = X.Y.Z
construct_ipsec_delete(): No SPI to identify Phase 2 SA!



waiting

More
16 years 6 months ago #25930 by Sheikh
ya i checked that i have allowed the req traffic, but intersting thing is it is randonly coming,:o
More
16 years 6 months ago #25939 by Elohim
please post the config
More
16 years 6 months ago #26062 by Sheikh
i have reconfigur that completly, now it change to another error which is "removing peer from peer table failed, no match!"
More
16 years 6 months ago #26153 by rm
Replied by rm on topic had this same error
i had this same error and was able to resolve it by checking the ipsec subnet on the host.

if the subnets don't match you will get:

construct_ipsec_delete(): No SPI to identify Phase 2 SA!

followed by the drop error.

just check to make sure the subnet of the host machine your attempting to connect to is correct.
Time to create page: 0.132 seconds