Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Initiator unable to find policy: Intf external

Status
Not open for further replies.
mktck

mktck

Technical User
Feb 9, 2009
31
0
0
SG
Hi,

An IPSec tunnel is established between ASA5505 and ASA5520. Phase 1 and 2 are both completed.

I am able to ping the 'Internal' interface IP of the ASA5520 from the laptop connected to E0/1 of ASA 5505, but I get "Destination Host Unreachable" when I ping a Server connected on an unmanaged switch which is inturn, connected to E0/1 of the ASA5520. I am also able to telnet into the ASA 5520 from the laptop connected to ASA 5505.

I am able to ping ASA 5505 'Inside' interface and the laptop from the 'Internal' interface of ASA 5520 using the 'Ping Internal <ASA 5505 IP>' command.

I am getting the following error at the ASA5520 side when i try to ping 172.17.0.2:

3 Aug 18 2009 00:39:50 713042 IKE Initiator unable to find policy: Intf external, Src: 172.17.0.1, Dst: 63.237.x.x

The following is my crypto map so far:
================================================
crypto map gigabitether1_map 40 match address internal_1_cryptomap
crypto map gigabitether1_map 40 set pfs
crypto map gigabitether1_map 40 set peer 172.17.0.40
crypto map gigabitether1_map 40 set transform-set ESP-3DES-SHA
crypto map gigabitether1_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map gigabitether1_map interface internal
crypto map external_map 50 match address external_1_cryptomap
crypto map external_map 50 set pfs
crypto map external_map 50 set peer 63.237.x.x
crypto map external_map 50 set transform-set ESP-3DES-SHA
crypto map management_map 1 match address external_cryptomap
crypto map management_map 1 set peer 38.104.x.x 62.73.x.x
crypto map management_map 1 set transform-set ESP-3DES-SHA
crypto map management_map 2 match address external_2_cryptomap
crypto map management_map 2 set pfs
crypto map management_map 2 set peer 67.148.x.x
crypto map management_map 2 set transform-set ESP-3DES-SHA
crypto map management_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map management_map interface external
crypto map management_map interface management
crypto ca trustpoint ASDM_TrustPoint0
=======================================================

Could the error be due to issues from my crypto map? noticed management_map have 2 differet tunnels.
 
Sort by date Sort by votes
Here is the full error line:

IKE Initiator unable to find policy: Intf external, Src: 172.17.0.1, Dst: 63.237.x.x
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
169
sircles
sircles
F
  • Question
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
0
Views
1K
FrankSider12
F
RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
255
iggsterman
iggsterman
Randy_F
  • Locked
  • Question
Need to connect to a VPN on startup... how to run a script that will automatically reconnect
Replies
0
Views
161
Randy_F
Randy_F
lecarbajal
  • Locked
  • Question
Policy NAT for traffic coming from VPN L2L
Replies
0
Views
34
lecarbajal
lecarbajal

Part and Inventory Search

Sponsor

Back
Top