Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2320
Views
15
Helpful
11
Replies

IKEv2 Site to Site VPN having ERROR: Maximum transmissions reached

Prashobcv93
Beginner
Beginner

‎09-21-2021 07:16 AM

Configured a new VPN from ASAV to Sonicwall.

VPN Phase 1 is not coming up with an Error as the Maximum number of transmissions reached.

0 Helpful
11 Replies 11

Prashobcv93
Beginner
Beginner

‎09-21-2021 07:18 AM

Phase 1 in ASA:

crypto ikev2 policy 5
encryption aes-256
integrity sha256
group 14 5
prf sha256
lifetime seconds 86400
 
Phase 2 in ASA:
match address SME_StephenChambers&CoSolicitor-HQ_Cryptomap
set pfs group14
set peer 89.242.3.146
set ikev2 ipsec-proposal AES-256-SHA-256
set security-association lifetime seconds 3600
set reverse-route
0 Helpful

Prashobcv93
Beginner
Beginner

‎09-21-2021 07:19 AM

SonicWall config attached.

Preview file
39 KB
Preview file
31 KB
Preview file
36 KB
Preview file
29 KB
Preview file
31 KB
0 Helpful

Prashobcv93
Beginner
Beginner

‎09-21-2021 07:22 AM

Debug logs attached

Preview file
219 KB
0 Helpful

Rob Ingram
VIP
VIP
In response to Prashobcv93

‎09-21-2021 07:50 AM - edited ‎09-21-2021 07:51 AM

@Prashobcv93 try changing the Peer IKE ID on the Sonicwall (located in the General tab) to the private IP address of the ASA - 10.45.56.110

Prashobcv93
Beginner
Beginner
In response to Rob Ingram

‎09-21-2021 07:54 AM

Tried both but no luck.

Preview file
40 KB
Preview file
40 KB
0 Helpful

Rob Ingram
VIP
VIP
In response to Prashobcv93

‎09-21-2021 07:58 AM

@Prashobcv93 please provide the full ASA config

Prashobcv93
Beginner
Beginner
In response to Rob Ingram

‎09-21-2021 08:02 AM

ASAV config attached.

Preview file
575 KB
0 Helpful

Rob Ingram
VIP
VIP
In response to Prashobcv93

‎09-21-2021 08:16 AM

@Prashobcv93 The ASA is behind NAT but is the Sonicwall also?

Please turn on IKEv2 debugs on the ASA, attempt to establish the VPN tunnel and provide the debugs for review.

Prashobcv93
Beginner
Beginner
In response to Rob Ingram

‎09-21-2021 08:45 AM

Customer end device setting needs to be applied after a reboot and their firmware is outdated.

Awaiting device reboot and firmware upgrade.

0 Helpful

Prashobcv93
Beginner
Beginner
In response to Rob Ingram

‎09-21-2021 10:48 AM

I am awaiting some time after the UK business hours to enable the debug.
I have the logs from the Sonicwall firewall (attached).

Preview file
11 KB
0 Helpful

Prashobcv93
Beginner
Beginner

‎09-23-2021 03:32 AM

Customer Sonicwall was out of date and was asking for a reboot for any new changes to apply.

The VPN profile in Sonicwall was flushed and recreated, and the VPN came up instantly.

Thanks for your help, @Rob Ingram 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents