[fw-wiz] asa 5505 vpn ipsec l2l problem

hello eveyone,

i have asa 5505 with Base license and 7.2.4 sofware.

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0


i'm trying to create l2l ipsec tunnel reading manual on
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/site2sit.html

and when i'm applying acl in crypto map
crypto map abcMap 1 match address acl
i'm getting this log:
Ignoring msg to mark SA with specified coordinates <abcMap, 1> dead

i don't have any debug messages (debug crypto ipsec 100)
google it but haven't found any answer.

thank you for your answers!

acl
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp
access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages