02-02-2012 02:39 AM
Hi all,
I have a very perplexing issue.
Side A - ASA 5510
Side B - Cisco 891
Side B initiates connection,
Phase 1 settings
Pre-Share, AES-256, DH Grp 5, Hash - SHA, Lifetime - 28800.
Now there wasn't an IKE policy to this value on the ASA, so I added one (see screenshot).
And the remote end added / changed their phase 1 to match the default entries at the Side A (ASA) end.
But all we get on the ASDM log is the second screenshot saying about mismatch on configured policies.
Anyone any ideas as to what's wrong?
Many Thanks
Stephen
02-02-2012 04:46 AM
Please post both end configuration.
02-02-2012 04:51 AM
Hi there,
Thanks for the interest, before I get hold of the configs. (One is a separate company and they may not give me their side of things.) I have had a thought.
The A end is in the UK, and the B end is in Auz (Sydney).
Could there be latency issues with the phase exchange, and if so, can anything be done to alter the timers?
Thanks
Stephen
02-02-2012 05:02 AM
So far if you are able to get the far end site, that is fine. At least you can ask what the other end configuration is for the UK tunnel.
Also, based on the logs, DH group 5 is coming in and Group 2 is configured; try to change that, it might fix your issue.
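The check the reply above describes, comparing the initiator's phase 1 offer against each configured policy, as an added example that is not part of the thread and not Cisco's code. The Side B values come from the first post; the Side A policy table, the priority numbers, the names `Phase1`, `mismatches` and `negotiate`, and the lifetime rule are assumptions made for illustration.

```python
from dataclasses import dataclass, asdict

# Attributes that must be identical for a phase 1 proposal to match a policy.
STRICT = ("auth", "encryption", "hash", "dh_group")


@dataclass(frozen=True)
class Phase1:
    auth: str
    encryption: str
    hash: str
    dh_group: int
    lifetime: int  # seconds


def mismatches(offer, policy):
    """Return {attribute: (offered, configured)} for each strict attribute that differs."""
    o, p = asdict(offer), asdict(policy)
    return {k: (o[k], p[k]) for k in STRICT if o[k] != p[k]}


def negotiate(offer, policies):
    """Walk responder policies in priority order (lowest number first).

    Returns (priority, lifetime, report). priority is None when nothing matches;
    report maps every policy examined to its mismatching attributes.
    """
    report = {}
    for prio in sorted(policies):
        diff = mismatches(offer, policies[prio])
        report[prio] = diff
        if not diff:
            # Assumption: unequal lifetimes do not block a match; the shorter one is used.
            return prio, min(offer.lifetime, policies[prio].lifetime), report
    return None, None, report


# Phase 1 settings from the first post (Side B, the initiator).
SIDE_B = Phase1("pre-share", "aes-256", "sha", 5, 28800)

# Constructed Side A policy table; only "Group 2 is configured" comes from the thread.
ASA_BEFORE = {
    10: Phase1("pre-share", "aes-256", "sha", 2, 86400),
    20: Phase1("pre-share", "3des", "sha", 2, 86400),
}
# Same table with a constructed policy added that matches the Side B offer.
ASA_AFTER = {**ASA_BEFORE, 5: Phase1("pre-share", "aes-256", "sha", 5, 86400)}

if __name__ == "__main__":
    for name, table in (("before", ASA_BEFORE), ("after", ASA_AFTER)):
        prio, life, report = negotiate(SIDE_B, table)
        print(name, "-> matched policy:", prio, "lifetime:", life)
        for p, diff in report.items():
            print(f"  policy {p}: {diff or 'match'}")
```

A report with no matching policy names the attribute to correct on one side; a clean match here says nothing about the path between the peers.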
02-07-2012 07:48 AM
Hi there,
Believe it or not, this issue is caused by the request being sent back to the originator on the wrong port.
There were a few firewalls in between, and one wasn't set to use NAT-T, so I'm told.
When amended, all worked wonderfully well.
02-07-2012 07:52 AM
To those that read this post, I actually resolved the issue myself. See previous post.