Sidewinder to Cisco IPSEC VPN

Creating an IPSec VPN line between a Sidewinder 7 and a Cisco ASA 5520. Both sides match in configs; however, we are getting

information: [detailed info]
  [error]
    QUICK_MODE exchange terminated - QUICK_MODE exchange processing failed
  [error]
    IPSEC (phase 2) policy mismatch
    [invalid local protected network]
      [configured local policy identities]
          IPV4_SUBNET-10.31.0.0/24
      [negotiated identity]
        IPV4_ADDR-10.31.0.99
  [notify]
    protocol: ESP
    spi(4): |43023da8|, type: INVALID_ID_INFO

Any input would be appreciated

1 Solution

Accepted Solutions

Re: Sidewinder to Cisco IPSEC VPN

I've answered my own question. The McAfee wants the subnet.

5 Replies

Re: Sidewinder to Cisco IPSEC VPN

I'm the guy on the other end. 

Able to connect via VPN to one other site.

Re: Sidewinder to Cisco IPSEC VPN

This audit is telling us that the Sidewinder is configured for a "Local Network / IP" of "10.31.0.0/24"; however, the remote end (Cisco) is negotiating a remote IP of "10.31.0.99". While "10.31.0.99" may be in the "10.31.0.0/24" network, the negotiation must be an identical match.

Verify that the Cisco device has "10.31.0.0/24" configured as the remote network and if not, modify the settings so that it does.

If you continue having problems, contact Support for additional assistance.
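Added example, not part of the original reply and not vendor tooling: a small Python check that reads the audit text quoted in this thread and reports whether the negotiated phase 2 identity is identical to a configured one, or merely inside it. It assumes an IPV4_ADDR identity is equivalent to a /32 selector and that matching is exact network equality, as the reply above describes; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the audit text quoted in this thread.
SAMPLE_AUDIT = """\
    IPSEC (phase 2) policy mismatch
    [invalid local protected network]
      [configured local policy identities]
          IPV4_SUBNET-10.31.0.0/24
      [negotiated identity]
        IPV4_ADDR-10.31.0.99
"""

ID_RE = re.compile(r"(IPV4_SUBNET|IPV4_ADDR)-(\d+\.\d+\.\d+\.\d+(?:/\d+)?)")

def to_network(id_type, value):
    # Assumption: IPV4_ADDR is a single host, i.e. a /32 selector.
    # strict=False tolerates host bits in a subnet such as 10.31.0.99/24.
    if id_type == "IPV4_ADDR":
        value = value.split("/")[0] + "/32"
    return ipaddress.ip_network(value, strict=False)

def parse_audit(text):
    """Return (configured_networks, negotiated_network) from audit text."""
    configured, negotiated, section = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]")  # remember which block we are in
            continue
        m = ID_RE.fullmatch(line)
        if m and section == "configured local policy identities":
            configured.append(to_network(*m.groups()))
        elif m and section == "negotiated identity":
            negotiated = to_network(*m.groups())
    return configured, negotiated

def diagnose(text):
    configured, negotiated = parse_audit(text)
    if negotiated is None or not configured:
        return "incomplete audit"
    if negotiated in configured:  # exact equality, not containment
        return "match"
    for net in configured:
        if negotiated.subnet_of(net):
            return (f"peer proposes {negotiated}, inside {net} "
                    f"but not identical: set peer selector to {net}")
    return f"peer proposes {negotiated}, outside every configured network"
```
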

Re: Sidewinder to Cisco IPSEC VPN

Once the changes are made the following error occurs:

  [error]
    QUICK_MODE exchange terminated - QUICK_MODE exchange processing failed
  [error]
    IPSEC (phase 2) policy mismatch
    [invalid local protected network]
      [configured local policy identities]
          IPV4_SUBNET-10.31.0.99/24
      [negotiated identity]
        IPV4_ADDR-10.31.0.99
  [notify]

Thanks for the quick reply.

Re: Sidewinder to Cisco IPSEC VPN

We are also on call lol

/24 is missing. What bugs me is the Cisco side only allows me to use the 255.255.255.255, hence the /24 is missing here; again, irritates me.

Re: Sidewinder to Cisco IPSEC VPN

I've answered my own question. The McAfee wants the subnet.