Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

IPSEC ISSUE || PHASE 2 NOT UP

Hi,

we are trying to configure IPsec tunnel between Sophos and Cisco ASA all configuration phase 1 and phase 2 are matches both sites.

phase 1 is up but phase 2 is down i have checked logs below error message we are getting.

2024-12-05 13:15:08Z 15[ENC] <SHELL-1|733> parsed INFORMATIONAL_V1 request 0 [ N(INVAL_IKE_SPI) ]
2024-12-05 13:15:08Z 15[IKE] <SHELL-1|733> informational: received INVALID_IKE_SPI error notify
2024-12-05 13:15:08Z 15[IKE] <SHELL-1|733> IKE_SA INVALID_IKE_SPI set_condition COND_START_OVER

Thanks

SATYA



Added V21 TAG
[edited by: Erick Jan at 8:19 AM (GMT -8) on 9 Dec 2024]
Parents Reply Children