
IKEv2 Site to Site VPN having ERROR: Maximum transmissions reached

Prashobcv93
Beginner

Configured a new VPN from ASAV to Sonicwall.

VPN Phase 1 is not coming up, with an error that the maximum number of transmissions was reached.


Prashobcv93
Beginner

Phase 1 in ASA:

crypto ikev2 policy 5
encryption aes-256
integrity sha256
group 14 5
prf sha256
lifetime seconds 86400
 
Phase 2 in ASA:
match address SME_StephenChambers&CoSolicitor-HQ_Cryptomap
set pfs group14
set peer 89.242.3.146
set ikev2 ipsec-proposal AES-256-SHA-256
set security-association lifetime seconds 3600
set reverse-route

Prashobcv93
Beginner

SonicWall config attached.

Prashobcv93
Beginner

Debug logs attached

@Prashobcv93 try changing the Peer IKE ID on the Sonicwall (located in the General tab) to the private IP address of the ASA - 10.45.56.110

Tried both but no luck.

@Prashobcv93 please provide the full ASA config

ASAV config attached.

@Prashobcv93 The ASA is behind NAT but is the Sonicwall also?

Please turn on IKEv2 debugs on the ASA, attempt to establish the VPN tunnel and provide the debugs for review.

The customer-end device setting needs to be applied after a reboot, and their firmware is outdated.

Awaiting device reboot and firmware upgrade.

I am waiting until after UK business hours to enable the debug.
I have the logs from the Sonicwall firewall (attached).

Prashobcv93
Beginner

The customer's Sonicwall was out of date and was asking for a reboot for any new changes to apply.

The VPN profile in Sonicwall was flushed and recreated, and the VPN came up instantly.

Thanks for your help, @Rob Ingram 
