Yes sir. I called cisci tac and according to the asa team, the tunnel cannot be created because the juniper is not the session to be created due to some missmatches. -------------------------- Sent using BlackBerry ----- Original Message ----- From: Chris Russell [mailto:chris@nifry.com] Sent: Friday, July 08, 2011 06:09 PM To: Michael Ruiz Cc: nanog@nanog.org <nanog@nanog.org> Subject: Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>
Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds: IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=1, saddr=10.20.1.2, sport=29733, daddr=10.1.4.81, dport=29733 IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10: skipping incomplete map. No peer, access-list or transform-set specified. IPSEC(crypto_map_check)-1: Error: No crypto map matched.
From my understanding this is caused by the crypto map not being able to establish a tunnel to the Juniper.
From that log, the Cisco is missing numerous configuration items: No peer, access-list or transform-set specified. Do you have the above specified in the crypto map within the ASA ? Cheers Chris CONFIDENTIALITY NOTICE: This message is intended only for the individual or entity to which it is addressed and may contain information that is confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you have received this communication in error. In such case, please notify us immediately by reply e-mail and immediately delete this message and its attachments. Any use, dissemination, redistribution or reproduction of this communication is strictly prohibited. Unless the message explicitly states otherwise, no e-mail correspondence claims to be a contractual offer or acceptance. LST Financial has instructed its employees not to send libelous or inappropriate statements and disclaims responsibility for such. Subject to applicable law, LST Financial may monitor, review and retain e-communications traveling through its networks/systems. By messaging with LST Financial you consent to the foregoing. CONFIDENTIALITY NOTICE: This message is intended only for the individual or entity to which it is addressed and may contain information that is confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you have received this communication in error. In such case, please notify us immediately by reply e-mail and immediately delete this message and its attachments. Any use, dissemination, redistribution or reproduction of this communication is strictly prohibited. Unless the message explicitly states otherwise, no e-mail correspondence claims to be a contractual offer or acceptance. LST Financial has instructed its employees not to send libelous or inappropriate statements and disclaims responsibility for such. Subject to applicable law, LST Financial may monitor, review and retain e-communications traveling through its networks/systems. By messaging with LST Financial you consent to the foregoing.