Dear Expert,
I have a question about a Cisco FW (ASA5520+ with v8.2(2)) setup to connect
a Netscreen SSG20 for Site-to-Site VPN tunnel.
Tunnel negotiation was completed Phase1 & Phase2. Private traffic initiated
from ASA side(10.194.x.x) to Netscreen side(192.168.x.x) but seems there is
unreachable. And some of message occurs in ASA while packet return back from
Netscreen side as follow. Is anything wrong in configuration to triggle for
these message????
P'se help!!! Thank.
firewall log
==============
4|Mar 15 2011 12:26:53|402116: IPSEC: Received an ESP packet (SPI=
0x24F592BC, sequence number= 0x1) from 210.x.x.x (user= 210.x.x.x) to
203.x.x.x. The decapsulated inner packet doesn't match the negotiated
policy in the SA. The packet specifies its destination as 203.x.x.x, its
source as 210.x.x.x, and its protocol as 1. The SA specifies its local
proxy as 10.194.x.x/255.255.255.255/0/0 and its remote_proxy as 192.168.x.x/
255.255.255.255/0/0.
Regards,
Kawaii
Blogs and organic groups at http://www.ccie.net
Received on Wed Mar 16 2011 - 16:25:17 ART
This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART