03-19-2022 02:53 PM - edited 03-19-2022 03:59 PM
Hi everyone! Unknown error while configuring ASA's VPN. All commands are clear and 100% right, but when we start to test how it works we get the error "The interesting traffic can not be encrypted, IKE (ISAKMP) needs to negotiate IPSec SAs." We have read a lot of different sources, but don't know what to do with this. Screens and configs are below. Thanks!
03-19-2022 03:28 PM
Hello,
if this is a Packet Tracer project, post your zipped project (.pkt) file.
03-19-2022 03:31 PM
Looking at the router configuration, there is no routing at all. Are you sure you sent the configuration of the correct router (the ISP router in your drawing)?
03-19-2022 03:32 PM
Already downloaded .pkt, you can watch and write me
03-19-2022 03:58 PM
Already fixed, thanks everyone!
03-20-2022 02:52 AM - last edited on 03-21-2022 12:23 PM by Translator
Hello,
it seems to work just fine. The routing on the ISP router has been added, I can ping and get a valid SA:
Crypto map tag: TESTMAP, seq num: 10, local addr 192.168.1.2
permit icmp 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/1/0)
remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/1/0)
current_peer 192.168.2.2
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors 1, #recv errors 0
local crypto endpt.: 192.168.1.2/0, remote crypto endpt.:192.168.2.2/0
path mtu 1500, ip mtu, ipsec overhead 78, media mtu 1500
current outbound spi: 0x26E65432(652629042)
current inbound spi: 0x378A033A(652629042)
inbound esp sas:
spi: 0x378A033A(931791674)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn id: 2002, crypto map: TESTMAP
sa timing: remaining key lifetime (k/sec): (4525504/86396)
IV size: 16 bytes
replay detection support: N
Anti replay bitmap:
0x00000000 0x0000001F
outbound esp sas:
spi: 0x26E65432(652629042)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn id: 2003, crypto map: TESTMAP
sa timing: remaining key lifetime (k/sec): (4525504/86396)
IV size: 16 bytes
replay detection support: N
Anti replay bitmap:
0x00000000 0x00000001
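An added example, not part of the thread or of any Cisco tool: a small Python parser for the `show crypto ipsec sa` layout posted above, which pulls out the peer, the packet counters and the per-direction ESP SPIs so the SA state can be checked in a script. The sample text is constructed by trimming that output; the function names `parse_ipsec_sa` and `assess` are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the output layout shown in the post above.
SAMPLE = """\
Crypto map tag: TESTMAP, seq num: 10, local addr 192.168.1.2
local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/1/0)
remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/1/0)
current_peer 192.168.2.2
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#send errors 1, #recv errors 0
inbound esp sas:
spi: 0x378A033A(931791674)
outbound esp sas:
spi: 0x26E65432(652629042)
"""

COUNTER = re.compile(r"#([A-Za-z][A-Za-z \-]*?):? (\d+)")  # "#name: N" or "#name N"
SPI = re.compile(r"spi: (0x[0-9A-Fa-f]+)\(\d+\)")

def parse_ipsec_sa(text):
    """Return the peer, packet counters and per-direction ESP SPIs."""
    sa = {"peer": None, "counters": {}, "spis": {"inbound": [], "outbound": []}}
    direction = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("current_peer"):
            sa["peer"] = line.split()[1]
        elif line.startswith("#"):
            for name, value in COUNTER.findall(line):
                sa["counters"][name.strip()] = int(value)
        elif line.endswith("esp sas:"):
            direction = line.split()[0]  # "inbound" or "outbound"
        elif direction and (m := SPI.match(line)):
            sa["spis"][direction].append(m.group(1))
    return sa

def assess(sa):
    """List observations from SA presence and the traffic/error counters."""
    c, findings = sa["counters"], []
    if not (sa["spis"]["inbound"] and sa["spis"]["outbound"]):
        findings.append("ESP SA missing in one or both directions")
    if c.get("pkts encaps", 0) == 0 and c.get("pkts decaps", 0) == 0:
        findings.append("no packets encapsulated or decapsulated yet")
    if c.get("send errors", 0) or c.get("recv errors", 0):
        findings.append("send/recv errors recorded")
    return findings
```

Only lines that begin with `spi:` under an `inbound esp sas:` or `outbound esp sas:` header are counted as installed SAs; the `current inbound spi` and `current outbound spi` summary lines are ignored.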