Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9142
Views
0
Helpful
15
Replies

VPN Tunnel (is inactive due to Internal Error)

Gerald74
Level 1
Level 1

‎03-12-2021 01:56 AM - edited ‎03-12-2021 01:57 AM

Hello,

 

I have three FTD 6.6.1 managed by FMC 6.6.1, all three are the mesh topology.

I got the following error message:

 

Tunnel Manager failed to dispatch a KEY_ACQUIRE message.
Probable mis-configuration of the crypto map or tunnel-group. Map Tag = unknown. Map Sequence Number = 0.

Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= CSM_outside_map. Map Sequence Number = 2.

 

The tunnel goes down then nothing works properly in the network.

I tried all IKE2 version nothing works.

 

Thank you.

Labels:
0 Helpful
15 Replies 15

Gerald74
Level 1
Level 1
In response to Scott Leport

‎03-17-2021 05:04 AM

Hi Scott,

thank you for your answer. NAT exemption is there on the SiteA, comunication between all three ftds as well Anyconnect works very well. But I got some time this error.

object network NET-RA-VPN
nat (outside,outside) dynamic interface

 

Look here (see log file) what is happens when I run debug.

 

thanks gerald

 

 

Preview file
110 KB
0 Helpful
Customers Also Viewed These Support Documents