05-27-2012 02:46 PM
05-27-2012 05:54 PM
There must be something different with the non-working one.
I would assume you've verified the software version (8.4(1) or later) and the configuration lines supporting your IKEv2 L2L tunnel?
Beyond that, I'd suggest providing the config for us to have a first-hand look.
05-27-2012 11:28 PM
All ASAs have 8.4.3 installed.
I have NO IKEv2 activated. So why should I find lines supporting that? The pre-installed IKE policies are there, yes. But nothing more. I will provide you with the configs as soon as the devices are reachable again...
--edit--
In the main office I see 3 ASAs connecting in the syslog messages. The one with the most problems is not visible.
I'm connected via RDP to a server behind the ASA in the branch office. From there I have ASDM open and I can see that the ASA tries to build up the tunnel. But at the main office I don't see any connection attempt.
Very strange. How can that be? From that ASA I can ping the public IP of the main office, and there I see the pings arriving and being answered.
Thx
DN
05-28-2012 10:58 AM
Could you have possibly omitted specifying IKE version altogether on the non-working VPN tunnel? That was the default prior to 8.4 when there was no IKEv2 support.
That might cause it to try both protocols and, since neither end has an IKEv2 proposal chosen, fail with the message you are seeing.