08-21-2024 12:27 AM
Hello everyone,
I’m encountering an issue with establishing an IKEv1/IPsec VPN tunnel between two Cisco ASA devices. One ASA is located here where I work (ASA 1), and the other is in another country (ASA 2). The devices have different IKE policies, transform sets, and IPsec proposals, and it seems that the VPN tunnel cannot be established due to incompatibility between them.
The transform sets partially overlap, but I’m unsure if all necessary transform sets are included in the crypto map on both devices.
The IKE policies have different priorities on each device, which might cause a mismatch.
IPsec proposals are only defined on the ASA 1. There’s no information about IPsec proposals on the ASA 2.
How can I ensure that the transform sets, IKE policies, and IPsec proposals are aligned between these two ASA devices? What changes should I make to both devices to successfully establish the VPN tunnel?
Thank you in advance for your help!
08-21-2024 12:30 AM
Only match the group under policy
MHM
08-25-2024 04:33 PM
You have not attached the rest of the configuration, but whatever you have attached, they match up. The additional IKEv2 policy has no bearing.
Since the full config is missing, please follow this example and, if you want, post the entire config so we can review it:
**Please mark as helpful if this is useful**
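One way to check alignment offline, as an added example that is not part of the original thread: the script below parses the `crypto ikev1 policy` and `crypto ipsec ikev1 transform-set` lines from two ASA running configs and lists the pairs whose negotiated attributes agree. The sample configs are constructed; the comparison assumes that policy priority numbers and transform-set names are locally significant and that the lifetime does not have to match (the ASA uses the shorter one).

```python
import re
# Constructed sample configs for illustration; not taken from the thread.
ASA1 = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec ikev1 transform-set TS-A esp-aes-256 esp-sha-hmac
"""
ASA2 = """\
crypto ikev1 policy 65
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 28800
crypto ikev1 policy 70
 authentication pre-share
 encryption 3des
 hash md5
 group 2
crypto ipsec ikev1 transform-set REMOTE esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set OLD esp-3des esp-md5-hmac
"""

def ikev1_policies(cfg):
    # priority -> attributes that both peers must agree on (lifetime is skipped)
    out, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"crypto ikev1 policy (\d+)\s*$", line)
        if m:
            cur = out.setdefault(int(m.group(1)), {})
        elif not line.startswith(" "):
            cur = None  # left the policy sub-mode
        elif cur is not None:
            key, _, val = line.strip().partition(" ")
            if key in ("authentication", "encryption", "hash", "group"):
                cur[key] = val
    return {p: tuple(sorted(v.items())) for p, v in out.items()}

def transform_sets(cfg):
    # name -> set of ESP transforms; "mode transport" lines are not matched
    pat = r"^crypto ipsec ikev1 transform-set (\S+) (esp-.+)$"
    return {m.group(1): frozenset(m.group(2).split()) for m in re.finditer(pat, cfg, re.M)}

def common(a, b, parse):
    pa, pb = parse(a), parse(b)
    return sorted((x, y) for x in pa for y in pb if pa[x] == pb[y])
```

An empty result from `common(ASA1, ASA2, ikev1_policies)` or `common(ASA1, ASA2, transform_sets)` means the two peers share no acceptable proposal for that phase.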