Firewall Wizards mailing list archives

Re: Cisco ASA IKE Initiator unable to find policy


From: "Dave Love" <dlove () verticalsystemsinc net>
Date: Wed, 26 Nov 2008 08:08:28 -0600

I had a similar issue. I fixed it by recreating a new policy from
scratch and assigning a different encryption/hash to the policy that was
unique from everything else. Also, make sure to label your crypto policy
to be the lowest number.

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Jens Brey
Sent: Wednesday, November 12, 2008 12:05 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Cisco ASA IKE Initiator unable to find policy

Dear all,

I have the following problem. I have an ASA 5520 running 8.0.4. After
some time, I see the following problem. Some of the Site-to-Site VPN
tunnels terminated on the device don't pass any traffic anymore, but
the VPN tunnel itself is still up.

It looks like the cryptomap loses the assignment to the ACL policy and
so I see the following messages in the Cisco log:

"IKE Initiator unable to find policy"

I saw this behaviour also under 8.0.3.

Does somebody have an idea?

Regards,
Jens
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

