I was recently setting up an IPSec VPN tunnel between a Sophos UTM and Cisco ASA. When doing so I kept getting the the following error when looking in the ASDM debug logs:
“Can’t find a valid tunnel group, aborting…!”
Followed by:
“Header invalid, missing SA payload!”
It turns out when you are creating the VPN, ASAs do not like being given a friendly connection name. In this instance leaving the Connection name tick box “Same as IP Address” resolved the issue and the VPN connection established.