
IPSEC VPN issue - ASA 5510 FW to Router

Hi

I have this issue: Phase 1 & 2 are confirmed and I see the crypto ipsec sa, but traffic is still failing.

On debug crypto isakmp 200, I am seeing the following message.

Received keep-alive of type DPD R-U-THERE-ACK

ASA 5510 cfg ios -

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 20.46.3.2 255.255.255.0
access-list mynetwork extended permit ip host 10.8.8.8 host 10.2.2.2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
crypto map intnet 10 match address mynetwork
crypto map intnet 10 set pfs
crypto map intnet 10 set peer 10.10.4.4
crypto map intnet 10 set transform-set cisco
crypto map intnet interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group 10.10.4.4 type ipsec-l2l
tunnel-group 10.10.4.4 ipsec-attributes
 pre-shared-key mypass123

Router

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key mypass123 address 20.46.3.2
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
ip access-list extended vpn
 permit ip host 10.2.2.2 host 10.8.8.8
!
crypto map cisco 10 ipsec-isakmp
 set peer 20.46.3.2
 set transform-set cisco
 set pfs group2
 match address vpn
!
interface FastEthernet0/0.104
 encapsulation dot1Q 104
 ip address 10.10.4.4 255.255.255.0
 crypto map cisco

Any suggestions?

Thanks

Nouaj