Cisco ASA 5505 VPN trouble

Kabashik
Level 1

Hi everyone! Unknown error while configuring ASA's VPN. All commands are clear and 100% right, but when we start to test how it works we get the error "The interesting traffic can not be encrypted, IKE (ISAKMP) needs to negotiate IPSec SAs." I have read a lot of different sources, but don't know what to do with this. Screens and configs are below. Thanks!

1 Accepted Solution

Hello,

if this is a Packet Tracer project, post your zipped project (.pkt) file.

Looking at the router configuration, there is no routing at all. Are you sure you sent the configuration of the correct router (the ISP router in your drawing)?

Already downloaded .pkt, you can watch and write me

Kabashik
Level 1

Already fixed, thanks everyone!

Hello,

it seems to work just fine. The routing on the ISP router has been added, I can ping and get a valid SA:

Crypto map tag: TESTMAP, seq num: 10, local addr 192.168.1.2

permit icmp 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/1/0)
remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/1/0)
current_peer 192.168.2.2
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors 1, #recv errors 0

local crypto endpt.: 192.168.1.2/0, remote crypto endpt.:192.168.2.2/0
path mtu 1500, ip mtu, ipsec overhead 78, media mtu 1500
current outbound spi: 0x26E65432(652629042)
current inbound spi: 0x378A033A(652629042)

inbound esp sas:
spi: 0x378A033A(931791674)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn id: 2002, crypto map: TESTMAP
sa timing: remaining key lifetime (k/sec): (4525504/86396)
IV size: 16 bytes
replay detection support: N
Anti replay bitmap:
0x00000000 0x0000001F
outbound esp sas:
spi: 0x26E65432(652629042)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn id: 2003, crypto map: TESTMAP
sa timing: remaining key lifetime (k/sec): (4525504/86396)
IV size: 16 bytes
replay detection support: N
Anti replay bitmap:
0x00000000 0x00000001
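
Added example, not part of the thread or of any poster's configuration: a small Python check that reads SA output of the kind quoted above and lists what a reviewer would look at (missing ESP SAs, idle counters, non-zero error counters, replay detection reported as N). The function names and the constructed SAMPLE text are assumptions made for this illustration.

```python
import re

# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE = """\
current_peer 192.168.2.2
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#send errors 1, #recv errors 0
inbound esp sas:
spi: 0x378A033A(931791674)
replay detection support: N
outbound esp sas:
spi: 0x26E65432(652629042)
replay detection support: N
"""

def parse_ipsec_sa(text):
    """Pull the peer, '#name: value' counters and per-direction ESP SA details from the text."""
    sa = {"peer": None, "counters": {}, "esp": {}}
    direction = None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"current_peer:?\s+(\S+)", line):
            sa["peer"] = m.group(1)
        elif line.startswith("#"):
            # The colon after the counter name is optional ("#send errors 1").
            for name, value in re.findall(r"#([A-Za-z\- ]+?):?\s+(\d+)", line):
                sa["counters"][name] = int(value)
        elif m := re.match(r"(inbound|outbound) esp sas:", line):
            direction = m.group(1)
        elif direction and (m := re.match(r"spi:\s+(0x[0-9A-Fa-f]+)", line)):
            sa["esp"][direction] = {"spi": m.group(1), "replay": None}
        elif direction in sa["esp"] and (m := re.match(r"replay detection support:\s+(\S)", line)):
            sa["esp"][direction]["replay"] = m.group(1) == "Y"
    return sa

def assess(sa):
    """Return the points worth a second look; an empty list means nothing was flagged."""
    findings = []
    for direction in ("inbound", "outbound"):
        esp = sa["esp"].get(direction)
        if esp is None:
            findings.append(f"no {direction} ESP SA listed: IPsec SAs not negotiated")
        elif esp["replay"] is False:
            findings.append(f"{direction} SA reports replay detection support: N")
    c = sa["counters"]
    if sa["esp"] and not (c.get("pkts encaps") or c.get("pkts decaps")):
        findings.append("SAs are listed but encaps/decaps counters are still 0")
    if c.get("send errors") or c.get("recv errors"):
        findings.append("send/recv error counters are non-zero")
    return findings
```

Calling assess(parse_ipsec_sa(SAMPLE)) returns four findings for the sample; output with no "esp sas" sections yields the "IPsec SAs not negotiated" finding for each direction, which is the state the original error message describes.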