Hello,

I'm trying to learn L2L VPN setup for a class lab. I'm using the following guide for reference: https://networklessons.com/cisco/asa-firewall/cisco-asa-site-site-ikev1-ipsec-vpn

There is no NAT involved. I've attached my configs for both ASAs, debug output from the initiating firewall, and a screenshot of the network layout. I am setting up an IKEV1 tunnel between two ASAs. The network layout is:

(10.1.1.0/24) ----> FW1 -----> (100.1.1.0/16) ------> FW2 ------> (10.1.3.0/24)

Based on the output, phase one completes:

Nov 06 20:46:41 [IKEv1]Group = 100.1.1.100, IP = 100.1.1.100, PHASE 1 COMPLETED

Phase 2 terminates with the following reason:

Nov 06 20:46:41 [IKEv1]Group = 100.1.1.100, IP = 100.1.1.100, Connection terminated for peer 100.1.1.100.  Reason: Peer Terminate  Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0

I understand that the issue can be ACL related. I only have one ACL in place on each firewall:

The ACL for FW1 is: access-list LAN1_LAN2 extended permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0

The ACL for FW2 is: access-list LAN2_LAN1 extended permit ip 10.1.3.0 255.255.255.0 10.1.1.0 255.255.255.0

I'm continuing to troubleshoot, but any insight on what I might be doing wrong would be very appreciated. It seems a simple setup, so I think I'm making some very basic mistake.

Mark