Cisco ASA Site-To-Site VPN “Can’t find a valid tunnel group, aborting…!”

I was recently setting up an IPSec VPN tunnel between a Sophos UTM and Cisco ASA. When doing so I kept getting the the following error when looking in the ASDM debug logs:
“Can’t find a valid tunnel group, aborting…!”

Followed by:
“Header invalid, missing SA payload!”

It turns out when you are creating the VPN, ASAs do not like being given a friendly connection name. In this instance leaving the Connection name tick box “Same as IP Address” resolved the issue and the VPN connection established.

VPN Settings


Leave a Reply

Scroll to Top