I have two ASA 5505 running 8.4 and I tried using the VPN wizard and using the CLI but i am not able to get the peers to initialze. I have looked at other configs and am not seeing what is missing. I have tried packet tracking through the ASDM and its not even seeing the VPN tunnel and keeps trying to go out to the internet. I have attached both configs for assistance.
I am glad that you figured out the problem and got the tunnel to initialize. Thanks for posting back to the forum and indicating what you found to be the problem and how you fixed it. This is a good reminder of the importance of making sure that the crypto map matches on both ends. Perhaps now you can mark this issue as solved and this would let other readers know that there is a solution to the problem here.
vpn-tunnel-protocol ikev1 is for IPSEC v1 and there is a v2 as well. I am just trying to get phase one to connect and not able to do that. Through the packet tracer on the ASDM i am not even seeing the packet try to go through the VPN tunnel at all, just trying to go over the internet access-list.
This issue i found was with the crypto map. one side was setup using IP and subnet and the other side was using OBJ and they was not seeing each other. Once i changed both sides to match with IP and subnet the vpn tunnel came back up and it is working.
I am glad that you figured out the problem and got the tunnel to initialize. Thanks for posting back to the forum and indicating what you found to be the problem and how you fixed it. This is a good reminder of the importance of making sure that the crypto map matches on both ends. Perhaps now you can mark this issue as solved and this would let other readers know that there is a solution to the problem here.
HTH
Rick
HTH
Rick
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
