
Good day!

GCP reports the following error: The peer gateway notifies: Proposal mismatch in CHILD SA (phase 2), Please look at peer logs.

On the ASA 5505 side I'm getting: Map Policy not found for remote traffic selector 0.0.0.0/255.255.255.255/0/65535/0 local traffic selector 0.0.0.0/255.255.255.255/0/65535/0!

Is my routing all wrong on the firewall? Static routes, maybe?

Cheers, Andrew

Andrew H
  • Could it be you are in a situation where the initiator sends an all acceptable traffic range? https://blogs.technet.microsoft.com/networking/2015/12/27/windows-server-2012-r2-vpn-interoperability-with-cisco-asa/ – Gerrit Jun 05 '18 at 19:31
  • I ended up recreating the tunnel from scratch via the console, instead of the ASDM, following Google documentation step-by-step from the CloudVPNGuide-UsingCloudVPNwithCiscoASA.pdf. The trick is to realize that the pool of internal cloud addresses should be the same as the server IP address, which in my case belonged to the us-east4 zone. – Andrew H Jun 21 '18 at 14:59

0 Answers