Solved: RV340 and ASA

Isynth · ‎11-15-2018

Dear cummunity,

I'm trying to use a RV 340 Router to establish a Site to Site VPN to two ASAs.

I configured the tunnels several times and made 100% sure that the configuration is identical.

On both ASAs the PHASE 1 is completed successfully but the session is quit immediately after that with the following message:

PHASE 1 COMPLETED
Aug 21 07:51:26 [IKEv1]IP = XXX.XXX.XXX.XXX, Keep-alive type for this connection: DPD
Aug 21 07:51:26 [IKEv1 DEBUG]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Starting P1 rekey timer: 27360 seconds.
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Add to IKEv1 Tunnel Table succeeded for SA with logical ID 96706560
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Add to IKEv1 MIB Table succeeded for SA with logical ID 96706560
Aug 21 07:51:26 [IKEv1]IKE Receiver: Packet received on 10.10.100.1:4500 from XXX.XXX.XXX.XXX:4500
Aug 21 07:51:26 [IKEv1]IP = XXX.XXX.XXX.XXX, IKE_DECODE RECEIVED Message (msgid=9aabc695) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Aug 21 07:51:26 [IKEv1 DEBUG]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, processing hash payload
Aug 21 07:51:26 [IKEv1 DEBUG]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, processing delete
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Connection terminated for peer XXX.XXX.XXX.XXX.  Reason: Peer Terminate  Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 96706560
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Remove from IKEv1 MIB Table succeeded for SA with logical ID 96706560
Aug 21 07:51:26 [IKEv1 DEBUG]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, IKE SA MM:b2554993 terminating:  flags 0x0101c802, refcnt 0, tuncnt 0
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Warning: Ignoring IKE SA (src) without VM bit set
Aug 21 07:51:26 [IKEv1]Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Session is being torn down. Reason: User Requested

First I don't understand why Remote and Local Proxy is stated with the IP adress 0.0.0.0

Second if I use a RV180 with the exact same settings the tunnels come up immediately.

Desperate for any advice.

Thanks.

krishna_c · ‎11-20-2018

Do you have logs queried on your RV340? It may help to identify the reason for failure in VPN establishment.

View solution in original post

Isynth · ‎12-02-2018

Just by asking me for the logs I took another close look at the logs.

The identifiers didn't match.

Thanks :D

View solution in original post

balaji.bandi · ‎11-16-2018

Suggest to Compare your crypto acl's on both devices. (information should be same)

crypto acl of "permit any to any" - this is bad way.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

krishna_c · ‎11-20-2018

Do you have logs queried on your RV340? It may help to identify the reason for failure in VPN establishment.

Isynth · ‎12-02-2018

Just by asking me for the logs I took another close look at the logs.

The identifiers didn't match.

Thanks :D

krishna_c · ‎12-02-2018

Great!