ASA 5512 to Cisco 881 IPSec VPN - wont connect

Andrew Duffield · ‎10-25-2015

Hi all,

I am trying to create an IPsec VPN tunnel from a Cisco ASA 5512 to a Cisco 881.

The local network of the ASA is 192.168.115.0/24

The WAN of the ASA is 220.244.7.134

The remote network of the Cisco 881 is 192.168.118.0/24

The WAN of the Cisco is 14.201.226.170

I have tried checking the encryption, negotiation at lifetime settings and they all seem to be ok but I cant get the tunnel up.

I occasionally get the following messages on the Cisco:

MM_SA_SETUP ACTIVE

MM_NO_STATE ACTIVE (deleted)

But a few seconds it disconnects.

I changed the lifetime on both ends to match, 3600 seconds, but still wouldnt work.

I have attached configs from the Cisco and ASA.

PLEASE could someone identify where I am going wrong?

Thanks

Andy

Masoud Pourshabanian · ‎10-25-2015

First, you need to decrease your MTU size.

Try both sides and share the result.

Ip mtu 1400

ip tcp adjust-mss 1360

Andrew Duffield · ‎10-26-2015

Hi,

Thanks for your reply.

I have changed the MTU but this didn't help, it only made my connection drop out.

Thanks anyway