09-13-2020 01:33 PM
Hello Guys,
Hopefully you can provide me some guidance. I'm trying to set up a Site to Site VPN between Azure (I) and Cisco ASA (Customer). On the Azure side I created it as Route based and sent the script to the customer; however, I'm not able to get the VPN connected. On the Azure side, it first showed an error saying there was a mismatch in the IPSEC/IKE policy. Checking the logs on Azure, I saw this mismatch error and asked the Customer to verify the policy. I think he made a change, because later in the logs the policy mismatch error was no longer there; now I saw the tunnel was being created, but then it gets closed:
[LOCAL_MSG] IKE Tunnel created for tunnelId 0x1
...
[LOCAL_MSG] IKE Tunnel closed for tunnelId 0x1 with status Main mode SA lifetime expired or peer sent a main mode delete.
Can you help me see why the tunnel is being closed? I'm attaching the logs.
PS. I have asked the customer to provide me their configuration so I can check on my own and make sure the parameters match. Also, I have asked for the debug info for both Phase1 and Phase2.
Thanks in advance!!
Antonio
09-14-2020 01:32 AM
- Check if this guide can help you:
https://www.petenetlive.com/KB/Article/0001166
M.
09-14-2020 06:52 AM
Hello Guys, it appears that the remote side does not support tunnel-group <public-ip> "type ipsec-l2l".
At least, it is not showing the "type" command on the CLI. Do you know if there are restrictions on this command?
Thanks
09-14-2020 09:14 AM
- Check if this guide can help you:
M.