10-28-2019 11:27 AM
Hello,
I have an environment with two Cisco ASAs, as shown in the following screenshot. I'm trying to establish an IPSec VPN tunnel between 10.10.10.2 and 10.30.30.2, but without success.
All routing is working and each ASA (ASA01 and ASA02) is able to ping the other.
The point is that neither of the ASA firewalls is starting the VPN! They don't output any packets on UDP port 500; it seems the ASA firewalls don't have the IPsec/ISAKMP service active.
I have done some debugging, such as "debug crypto condition peer 10.30.30.2" on ASA01, but it doesn't show any packet flow.
I configured the VPN tunnel with the Wizard on both sides, so I believe it's not necessary to add any configuration for phase 1 to come up, right?
My question is: why is neither ASA starting the tunnel? Maybe something about the license?
Attached are the running-configs from the two ASAs.
The output of show version on ASA01 follows:
Cisco Adaptive Security Appliance Software Version 9.0(4)42
Device Manager Version 7.5(2)153
Compiled on Fri 09-Sep-16 14:51 by builders
System image file is "disk0:/asa904-42-k8.bin"
Config file at boot was "startup-config"
ASA01 up 3 days 2 hours
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is d48c.b5c9.6070, irq 9
1: Ext: Ethernet0/1 : address is d48c.b5c9.6071, irq 9
2: Ext: Ethernet0/2 : address is d48c.b5c9.6072, irq 9
3: Ext: Ethernet0/3 : address is d48c.b5c9.6073, irq 9
4: Ext: Management0/0 : address is d48c.b5c9.6074, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1641X0DQ
Running Permanent Activation Key: 0xd926c271 0x6cc8f482 0x74f22d74 0x93704000 0x0b212db3
Configuration register is 0x1
Configuration last modified by admin at 15:30:09.664 UTC Mon Oct 28 2019
ASA01#
Thanks, any tip is welcome.
10-28-2019 11:39 AM
10-28-2019 12:14 PM
Thank you, after I ran the following command the tunnel came up:
packet-tracer input inside icmp 10.254.248.3 8 0 10.243.249.3
So I wonder why I would need to generate traffic for phase 1 to come up? For me, on ASA phase 1 always comes up as long as everything is right on both sides.
10-28-2019 12:21 PM - edited 10-28-2019 12:24 PM
You always need to generate traffic in order to establish a tunnel when using a crypto map/policy based VPN.
If you use a route based VPN, then the tunnel will automatically establish. Your version of ASA does not support route based VPN.
HTH
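As an added example (not part of the thread and not taken from the poster's attached configs): a small Python model of the crypto map decision described above, showing why the flow in the packet-tracer command starts IKE while a ping between the two ASA outside addresses does not. The ACL subnets and the names VPN_ACL and outside_map are constructed assumptions, and only the plain network/mask ACL form is handled.

```python
import ipaddress
import re

# Constructed config fragment (NOT the poster's attached running-config).
# The subnets and the names VPN_ACL / outside_map are assumptions.
SAMPLE_CONFIG = """\
access-list VPN_ACL extended permit ip 10.254.248.0 255.255.255.0 10.243.249.0 255.255.255.0
crypto map outside_map 1 match address VPN_ACL
crypto map outside_map 1 set peer 10.30.30.2
crypto map outside_map interface outside
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)$")


def parse(config):
    """Return (src_net, dst_net, peer) for every ACL line bound to a crypto map entry."""
    acls, match, peer = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}")))
        elif m := MATCH_RE.match(line):
            match[(m[1], m[2])] = m[3]      # (map name, sequence) -> ACL name
        elif m := PEER_RE.match(line):
            peer[(m[1], m[2])] = m[3]       # (map name, sequence) -> peer address
    return [(s, d, peer[k]) for k, acl in match.items() if k in peer
            for s, d in acls.get(acl, [])]


def peer_for_packet(config, src, dst):
    """Peer the crypto map would negotiate with for this packet, or None if no ACL match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for s, d, p in parse(config):
        if src in s and dst in d:
            return p
    return None


if __name__ == "__main__":
    # Flow from the packet-tracer command in the thread: matches the ACL, IKE starts.
    print(peer_for_packet(SAMPLE_CONFIG, "10.254.248.3", "10.243.249.3"))
    # Ping between the ASA outside addresses: no ACL match, so no UDP/500 is sent.
    print(peer_for_packet(SAMPLE_CONFIG, "10.10.10.2", "10.30.30.2"))
```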
10-28-2019 12:35 PM
Thank you,
everything is working.