
IKEv2 Site to Site VPN having ERROR: Maximum transmissions reached

Prashobcv93
Level 1

Configured a new VPN from ASAV to Sonicwall.

VPN Phase 1 is not coming up, with an error that the maximum number of transmissions was reached.


Prashobcv93
Level 1

Phase 1 in ASA:

crypto ikev2 policy 5
 encryption aes-256
 integrity sha256
 group 14 5
 prf sha256
 lifetime seconds 86400

Phase 2 in ASA:

match address SME_StephenChambers&CoSolicitor-HQ_Cryptomap
set pfs group14
set peer 89.242.3.146
set ikev2 ipsec-proposal AES-256-SHA-256
set security-association lifetime seconds 3600
set reverse-route

Prashobcv93
Level 1

SonicWall config attached.

Prashobcv93
Level 1

Debug logs attached

@Prashobcv93 try changing the Peer IKE ID on the Sonicwall (located in the General tab) to the private IP address of the ASA - 10.45.56.110

Tried both but no luck.

@Prashobcv93 please provide the full ASA config

ASAV config attached.

@Prashobcv93 The ASA is behind NAT but is the Sonicwall also?

Please turn on IKEv2 debugs on the ASA, attempt to establish the VPN tunnel and provide the debugs for review.

Customer end device setting needs to be applied after a reboot and their firmware is outdated.

Awaiting device reboot and firmware upgrade.

I am waiting for some time after UK business hours to enable the debug.
I have the logs from the Sonicwall firewall (attached).

Prashobcv93
Level 1

Customer Sonicwall was out of date and was asking for a reboot for any new changes to apply.

The VPN profile in Sonicwall was flushed and recreated, and the VPN came up instantly.

Thanks for your help, @Rob Ingram 
