
Issue with Phase 1 not coming up.

Hi all,

I have a very perplexing issue.

Side A - ASA 5510

Side B - Cisco 891

Side B initiates the connection.

Phase 1 settings

Pre-Share, AES-256, DH Grp 5, Hash - SHA, Lifetime - 28800.

Now there wasn't an IKE policy with these values on the ASA, so I added one (see screenshot).

And the remote end added / changed their phase 1 to match the default entries at the Side A (ASA) end.

But all we get in the ASDM log is the second screenshot, which reports a mismatch on configured policies.

Does anyone have any ideas as to what's wrong?

Many Thanks

Stephen

Accepted Solutions

So far, if you are able to get the far end site, that is fine. At least you can ask what the other end's configuration for the UK tunnel is.

Also, based on the logs, DH group 5 is coming in and group 2 is configured; try changing that, it might fix your issue.


5 REPLIES

Please post the configuration from both ends.


Hi there,

Thanks for the interest. Before I get hold of the configs (one is a separate company and they may not give me their side of things), I have had a thought.

The A end is in the UK, and the B end is in Auz (Sydney).

Could there be latency issues with the phase exchange, and if so, can anything be done to alter the timers?

Thanks

Stephen


Hi there,

Believe it or not, this issue was caused by the request being sent back to the originator on the wrong port.

There were a few firewalls in between, and one wasn't set to use NAT-T, so I'm told.

When amended, all worked wonderfully well.


To those that read this post, I actually resolved the issue myself. See previous post.
