Site to Site VPN not working

Prathamesh1993
Level 1

Hi,

 

We have two Cisco 5520s in HA mode in Active/Standby Ready state. We have configured the site-to-site IPsec VPN, but it is showing no VPN session in the ASDM monitor window, and the CLI shows there is no ISAKMP/IPsec SA.

Kindly help me with this issue; previously it was working properly.

 

Thanks & Regards

Prathamesh

3 Replies

bhargavdesai
Spotlight

The information provided is not enough; however, I would say try generating interesting traffic for the VPN tunnel. Moreover, test your configuration with packet-tracer. I would say run the packet-tracer twice: if the tunnel is down, the first request will fail as the tunnel negotiates, and the actual result will be in the second trace if the tunnel is configured perfectly.

 

You should also verify your tunnel configuration.

 

HTH

### RATE ALL HELPFUL RESPONSES ###

balaji.bandi
Hall of Fame

We need more information about the config. What is the device on the other side?

What ASA code is running?

 

Basic site-to-site VPN document for reference:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119141-configure-asa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

We are running ASA Version 8.3(1), and below is the configuration of the site-to-site VPN.


crypto isakmp policy 1
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400


crypto isakmp policy 15
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400

tunnel-group xxx.xxx.xxx.x type ipsec-l2l
tunnel-group xxx.xxx.xxx.x ipsec-attributes
pre-shared-key *******

access-list outside_1_cryptomap extended permit ip object-group Site_vpn_IP object-group site_vpn_remote_ip

object-group network Site_vpn_IP
description site 2 site vpn ip address
network-object yyy.yyy.yyy.yy netmask


object-group network site_vpn_remote_ip
description remote side ip
network-object zzz.zzz.zzz.z netmask
network-object www.www.www.w netmask


crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer xxx.xxx.xxx.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 set reverse-route
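
One way to carry out the "verify your tunnel configuration" step offline, as an added example that is not part of any reply in this thread: a Python check that each crypto map entry in an ASA 8.3-style config resolves to a defined access-list, transform set and L2L tunnel group, and that the map is bound to an interface with ISAKMP enabled. The sample config, its names and the 192.0.2.1 peer are constructed placeholders, and `check_l2l` is a hypothetical helper.

```python
import re

# Constructed sample in ASA 8.3 syntax; names and 192.0.2.1 are placeholders.
SAMPLE = """\
crypto isakmp policy 15
 encryption aes-256
tunnel-group 192.0.2.1 type ipsec-l2l
access-list outside_1_cryptomap extended permit ip object-group A object-group B
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 192.0.2.1
crypto map outside_map 1 set transform-set ESP-3DES-SHA
"""

ENTRY = re.compile(r"crypto map (\S+) (\d+) (match address|set peer|set transform-set) (.+)")

def check_l2l(config):
    """Return findings that would stop a LAN-to-LAN tunnel from negotiating."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Objects that crypto map entries refer to by name or peer address.
    defined = {
        "match address": {l.split()[1] for l in lines if l.startswith("access-list ")},
        "set transform-set": {l.split()[3] for l in lines
                              if l.startswith("crypto ipsec transform-set ")},
        "set peer": {l.split()[1] for l in lines
                     if re.match(r"tunnel-group \S+ type ipsec-l2l", l)},
    }
    kind = {"match address": "access-list", "set transform-set": "transform-set",
            "set peer": "L2L tunnel-group"}
    entries = {}
    for l in lines:
        m = ENTRY.match(l)
        if m:
            entries.setdefault((m[1], int(m[2])), {})[m[3]] = m[4].split()
    findings = []
    for (name, seq), entry in sorted(entries.items()):
        for key in ("match address", "set peer", "set transform-set"):
            if key not in entry:
                findings.append(f"crypto map {name} {seq}: no '{key}' line")
            for ref in entry.get(key, []):
                if ref not in defined[key]:
                    findings.append(f"crypto map {name} {seq}: {kind[key]} {ref} not defined")
    # A complete entry still does nothing until the map is bound and IKE is on.
    bound = {l.split()[2] for l in lines if re.match(r"crypto map \S+ interface \S+", l)}
    for name in sorted({n for n, _ in entries} - bound):
        findings.append(f"crypto map {name}: not applied to an interface")
    if not any(re.match(r"crypto isakmp enable \S+", l) for l in lines):
        findings.append("crypto isakmp enable <interface> is missing")
    return findings
```

The patterns follow the pre-8.4 keywords used in this thread; ASA 8.4 and later use `ikev1` variants of the ISAKMP and transform-set commands, which this check does not recognise.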