Solved: ASA 5505 and ASA 5510 Site to Site VPN Tunnel cannot be established

hugochengym · ‎10-21-2013

Hi ALL expert

We are now plan to form a site to site IPSec VPN tunnel between ASA 5505 (ASA Version 8.4) and ASA 5510 (ASA Version 8.0) but failure, would you please teach me how to establish it? Any reference guide?

i got error syslog 713902 and 713903, How to fix?

I got the follwoing when i type "sh crypto isakmp sa"

Type : user Role : initiator

Rekey : no State : MM_WAIT_MSG2

Hugo

Dinesh Moudgil · ‎10-21-2013

Hi ,

This state is acheived when the phase 1 policies are not matching on both the ends.

Please confirm you have identical phase 1 parameters on both the sides with the following commands:

show run crypto isakmp

show run crypto ikev1

Also make sure that the UDP port 500 and 4500 are opened for communication between your device and remote peer.

Lastly, make sure you have a proper route pertaining to remote VPN termination device.

Hope that helps.

Regards,

Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎10-21-2013