Strange ASA to ASA IPsec problem
So today a customer was upgrading a PIX to an ASA and also changing their external IP address, so we needed to update the tunnel information and a few commands on their ASA to support the newer image. We were getting an error on phase 2 that read ‘Could not delete route for L2L peer that came in on a dynamic map’. After a little fooling around, I noticed that the dynamic crypto map had an ID of 10 and the site-to-site had an ID of 47. After I had tried recreating the tunnel on both sides just to verify everything was entered correctly, I decided to change the site-to-site’s ID to 7 so that it would be before the dynamic map. This change brought the tunnel up successfully, much to my chagrin. I have multiple configurations where the site-to-site is listed after the dynamic map and they work just fine; I hope some further research will answer this for me.
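The ordering described above can be checked offline against a saved configuration. The following is an added example, not part of the original post: a Python script that parses `crypto map` lines and reports static site-to-site entries whose sequence number is higher than a dynamic entry in the same map. The map names, ACL name, transform set and peer address in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample config; names, ACL and peer address are placeholders.
SAMPLE_CONFIG = """\
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-SHA
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 47 match address l2l_acl
crypto map outside_map 47 set peer 192.0.2.10
crypto map outside_map 47 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
"""

# Matches only numbered entries: "crypto map <name> <seq> <rest>"
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")

def parse_crypto_maps(config):
    """Return {map_name: {seq: {"dynamic": bool, "peers": [...]}}}."""
    maps = defaultdict(dict)
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # e.g. "crypto map NAME interface outside" has no sequence number
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        entry = maps[name].setdefault(seq, {"dynamic": False, "peers": []})
        if rest.startswith("ipsec-isakmp dynamic "):
            entry["dynamic"] = True
        elif rest.startswith("set peer "):
            entry["peers"].extend(rest.split()[2:])
    return maps

def static_after_dynamic(config):
    """List (map, static_seq, peers, dynamic_seq) for static entries that follow a dynamic one."""
    findings = []
    for name, entries in parse_crypto_maps(config).items():
        dynamic_seqs = [s for s, e in entries.items() if e["dynamic"]]
        if not dynamic_seqs:
            continue
        first_dynamic = min(dynamic_seqs)
        for seq in sorted(entries):
            if not entries[seq]["dynamic"] and seq > first_dynamic:
                findings.append((name, seq, entries[seq]["peers"], first_dynamic))
    return findings

if __name__ == "__main__":
    for name, seq, peers, dyn_seq in static_after_dynamic(SAMPLE_CONFIG):
        print(f"{name}: static entry {seq} (peers {peers}) is after dynamic entry {dyn_seq}")
```

A finding marks an entry to review rather than a guaranteed failure, since static entries sequenced after the dynamic map do work in other configurations.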
Tags: asa, Cisco, crypto, ipsec, pix, vpn