12-01-2008 12:47 PM
Hello,
We are trying to establish a site-site VPN between a Cisco831 and an ASA5510.
I've attached the config files of both units and the error file from the ASA.
On the 831, we get:
KED1CSPSVPNr01#
*Mar 19 22:17:48.743: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 8.10.15.130
I can't seem to find out where the problem is. Could anyone help out please?
Thanks.
12-01-2008 12:55 PM
Try adding this to the ASA:
crypto map outside_map 1 set pfs
12-01-2008 01:01 PM
That's what I had to begin with but I got the same error messages.
12-01-2008 01:07 PM
Ken,
The crypto IPSEC ACLs are not matching on the ASA and the 831 router.
ASA
access-list outside_1_cryptomap extended permit ip 172.30.1.0 255.255.255.0 192.168.13.0 255.255.255.0
831
access-list 100 permit ip 10.0.0.0 0.255.255.255 172.30.0.0 0.0.255.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 172.30.0.0 0.0.0.255
Make sure that you configure the IPSEC ACLs to be mirror images of each other and then bring up the tunnel. After you make the changes, do update your NAT 0 command accordingly.
Regards,
Arul
*Pls rate if it helps*
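One way to check the mirror-image requirement from the answer above, as an added example that is not part of the original thread: it parses the ACL lines quoted there, converts the IOS wildcard masks to netmasks, swaps source and destination on the router side, and reports which entries have no counterpart. The function names are hypothetical, and it assumes plain "permit ip <net> <mask> <net> <mask>" entries with contiguous masks (no "host" or "any" keywords).

```python
import ipaddress
import re

# ACL lines exactly as quoted in the thread.
ASA_ACL = "access-list outside_1_cryptomap extended permit ip 172.30.1.0 255.255.255.0 192.168.13.0 255.255.255.0"
IOS_ACL = """access-list 100 permit ip 10.0.0.0 0.255.255.255 172.30.0.0 0.0.255.255
access-list 100 permit ip 192.168.13.0 0.0.0.255 172.30.0.0 0.0.0.255"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ENTRY = re.compile(rf"permit ip {QUAD} {QUAD} {QUAD} {QUAD}")

def _net(addr, mask, wildcard):
    """Build a network object; IOS wildcard masks are inverted to netmasks first."""
    if wildcard:
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.IPv4Address(inverted))
    # strict=False tolerates host bits set in the address, as the devices do
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def selectors(acl_text, wildcard):
    """Return the set of (source, destination) networks in a crypto ACL."""
    found = set()
    for m in ENTRY.finditer(acl_text):
        src, smask, dst, dmask = m.groups()
        found.add((_net(src, smask, wildcard), _net(dst, dmask, wildcard)))
    return found

def mirror_report(asa_text, ios_text):
    """Compare ASA entries with the IOS entries seen from the ASA's side."""
    asa = selectors(asa_text, wildcard=False)
    # Mirror image: the router's destination is the ASA's source and vice versa.
    ios_mirrored = {(dst, src) for src, dst in selectors(ios_text, wildcard=True)}
    fmt = lambda pairs: [f"{a} -> {b}" for a, b in sorted(pairs)]
    return {
        "matched": fmt(asa & ios_mirrored),
        "only_on_asa": fmt(asa - ios_mirrored),
        "only_on_ios": fmt(ios_mirrored - asa),
    }

if __name__ == "__main__":
    for key, entries in mirror_report(ASA_ACL, IOS_ACL).items():
        print(key, entries)
```

An empty "matched" list with entries on both sides only, as the thread's ACLs produce, means neither peer's proxy identities are accepted by the other, which is consistent with the Quick Mode failure logged on the 831.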
12-02-2008 06:56 AM
Thanks!!!
I didn't notice that. It solved the problem and it's working now.
Cheers.