I'm using a Cisco ASA device as my customer gateway in Amazon VPC. When I try to establish a virtual private network (VPN) connection to my VPC, I receive the error "Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0" on my customer gateway. How do I resolve this error?
In established VPN connections, the standby tunnel can trigger this error in some Cisco ASA configurations. For more information, see Troubleshooting Cisco ASA Customer Gateway Connectivity.
Note: This specific error message pertains to Cisco ASA devices. However, the resolution applies to any customer gateway that uses a policy-based VPN or route-based VPN with a non-default proxy ID.
Be sure that your network traffic is initiated from your local network on the customer gateway to your VPC.
Configure route-based VPN connections with default proxy IDs if your device supports them.
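To triage this message in customer gateway logs, the following added example (not part of the original article or any vendor tooling) parses the proxy pair out of the rejection line and reports whether the peer proposed the default proxy IDs shown in the error or some other selector that the policy does not cover. The `CRYPTO_ACL` pairs are hypothetical, and comparing selectors by exact equality is a simplifying assumption about how a policy-based device matches them.

```python
import ipaddress
import re

# Proxy fields in the rejection message are address/netmask/protocol/port.
REJECT_RE = re.compile(
    r"no matching crypto map entry for remote proxy "
    r"(?P<raddr>[\d.]+)/(?P<rmask>[\d.]+)/\d+/\d+ "
    r"local proxy (?P<laddr>[\d.]+)/(?P<lmask>[\d.]+)/\d+/\d+"
)
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical policy: (local network, remote network) pairs protected
# by the customer gateway's crypto map.
CRYPTO_ACL = [("192.168.10.0/24", "10.0.0.0/16")]

# The error text quoted on this page.
PAGE_ERROR = ("Rejecting IPSec tunnel: no matching crypto map entry for "
              "remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0")

def parse_rejection(line):
    """Return (remote_net, local_net) proposed by the peer, or None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    remote = ipaddress.ip_network(f"{m['raddr']}/{m['rmask']}", strict=False)
    local = ipaddress.ip_network(f"{m['laddr']}/{m['lmask']}", strict=False)
    return remote, local

def diagnose(line, crypto_acl=CRYPTO_ACL):
    """Classify one log line against the configured selector pairs."""
    parsed = parse_rejection(line)
    if parsed is None:
        return "not-a-proxy-rejection"
    remote, local = parsed
    for acl_local, acl_remote in crypto_acl:
        if (ipaddress.ip_network(acl_local) == local
                and ipaddress.ip_network(acl_remote) == remote):
            return "selectors-match-acl"
    if remote == ANY and local == ANY:
        # Peer initiated with default proxy IDs: initiate traffic from the
        # local network instead, or move to a route-based VPN.
        return "peer-proposed-default-proxy-ids"
    return "selector-mismatch"

if __name__ == "__main__":
    print(diagnose(PAGE_ERROR))
```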