cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
440
Views
0
Helpful
2
Replies

ASA 5512 to Cisco 881 IPSec VPN - wont connect

Andrew Duffield
Level 1
Level 1

Hi all,

 

I am trying to create an IPsec VPN tunnel from a Cisco ASA 5512 to a Cisco 881.

 

The local network of the ASA is 192.168.115.0/24

The WAN of the ASA is 220.244.7.134

 

The remote network of the Cisco 881 is 192.168.118.0/24

The WAN of the Cisco is 14.201.226.170

 

I have tried checking the encryption, negotiation at lifetime settings and they all seem to be ok but I cant get the tunnel up.

 

I occasionally get the following messages on the Cisco:

 

MM_SA_SETUP                  ACTIVE

MM_NO_STATE                  ACTIVE (deleted)

 

But a few seconds it disconnects.

I changed the lifetime on both ends to match, 3600 seconds, but still wouldnt work.

 

I have attached configs from the Cisco and ASA.

 

PLEASE could someone identify where I am going wrong?

 

Thanks

 

Andy

 

2 Replies 2

First, you need to decrease your MTU size.

Try both sides and share the result.

Ip mtu 1400

ip tcp adjust-mss 1360