Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
10
Helpful
4
Replies

IPSec tunnel not coming up for 5505 ver9.0

Go to solution
UMZaman3
Level 1
Level 1

‎04-23-2019 01:32 PM

I am working on a simple ipsec tunnel config in a lab at home and cannot get the IPSec tunnel to come up between the two ASA's. Any help would be greatly appreciated

 

ASA2# sh crypto isakmp sa

There are no IKEv1 SAs

There are no IKEv2 SAs

Labels:
Preview file
4 KB
Preview file
4 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
UMZaman3
Level 1
Level 1
In response to Alan Ng'ethe

‎04-24-2019 06:55 AM

So this entire set up was flawed from the start as I just completely did not think about routing in this lab. I got it to work but what I did was I put a 1841 in between the 2 ASA's to act as the internet. Then did the layer 2 tunnel between the 2 ASA's and was able to get it to work. My apologies for posting this as I am just diving into the CCNA security and trying to understand how vpn tunnels work. I was assuming that the ASA's (since they were directly connected together) would be able to talk to each other even though they were on different subnets. But I realized my mistake yesterday when I drew it out and worked on it and was able to get the tunnel up

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Georg Pauwen
VIP
VIP

‎04-23-2019 03:11 PM

Hello,

 

the configs look good. The only thing that might be missing could be:

 

crypto map outside_map 20 set pfs

 

Can you try and add that to both configs ?

 

 

 

Go to solution
Alan Ng'ethe
Level 3
Level 3

‎04-23-2019 03:12 PM

Hi there!

 

As you try to pass traffic from one side of the tunnel to the other, can you run an debug crypto ikev1 on both sides, and share the output? 

Are the ASAs directly connected? Can you also paste a show route ?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

Go to solution
UMZaman3
Level 1
Level 1
In response to Alan Ng'ethe

‎04-24-2019 06:55 AM

So this entire set up was flawed from the start as I just completely did not think about routing in this lab. I got it to work but what I did was I put a 1841 in between the 2 ASA's to act as the internet. Then did the layer 2 tunnel between the 2 ASA's and was able to get it to work. My apologies for posting this as I am just diving into the CCNA security and trying to understand how vpn tunnels work. I was assuming that the ASA's (since they were directly connected together) would be able to talk to each other even though they were on different subnets. But I realized my mistake yesterday when I drew it out and worked on it and was able to get the tunnel up

0 Helpful

Go to solution
Alan Ng'ethe
Level 3
Level 3
In response to UMZaman3

‎04-24-2019 09:33 AM

Glad that you figured it out.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card