11-09-2020 06:57 AM
Afternoon All,
I am hoping for a bit of help setting up a route-based IKEv2 VPN between an ASA and an IOS router. I have set up route-based IKEv1 VPNs between ASAs and IOS routers with no problem but am really struggling to do the same with IKEv2. The ASA does not show an SA but the router does, but it looks like there may be an auth issue?
IKEV2_RTR#sh crypto ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 21.0.0.2/500 212.0.0.1/500 none/none IN-NEG
Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA512, DH Grp:5, Auth sign: PSK, Auth verify: Unknown - 0
Life/Active Time: 86400/0 sec
The VTI tunnel on the router shows as line up, protocol down, but on the ASA side the tunnel interface shows as down/down.
I have attached the configurations from both the router, ASA and also some debugs from the ASA of debug platform & protocol.
Any help would be much appreciated because for the life of me I can't see where I am going wrong?
Many thanks,
11-10-2020 02:25 PM
11-11-2020 01:01 AM
Morning All,
I have managed to resolve this by upgrading the ASA image to 9.8(4)29. It looks like route-based IKEv2 VPNs are not supported on ASA until 9.8(1) or later, and I was on 9.7(1)4, which was OK for IKEv1 route-based VPNs but not IKEv2.
Thank you to all that helped with this.
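A pre-flight check for the situation in this thread, added here as an example and not part of any post: it compares an ASA version string against the 9.8(1) minimum the poster reports for route-based IKEv2, and lists IKEv2 SAs in the router's `sh crypto ikev2 sa` output that have not reached READY. The function names and the minimum-version constant are assumptions of this example.

```python
import re

# Minimum ASA release for route-based IKEv2, as stated in the thread (assumption).
MIN_IKEV2_VTI = (9, 8, 1, 0)

# Router output copied from the question above.
SAMPLE = """\
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 21.0.0.2/500 212.0.0.1/500 none/none IN-NEG
Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA512, DH Grp:5, Auth sign: PSK, Auth verify: Unknown - 0
Life/Active Time: 86400/0 sec
"""

# One SA row: tunnel-id, local addr/port, remote addr/port, fvrf/ivrf, status.
ROW = re.compile(r"\s*(\d+)\s+(\S+)/(\d+)\s+(\S+)/(\d+)\s+(\S+)\s+(\S+)\s*$")

def parse_asa_version(text):
    """Turn '9.8(4)29' (or '9.7(1) 4') into a comparable tuple such as (9, 8, 4, 29)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\((\d+)\)\s*(\d*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised ASA version: {text!r}")
    major, minor, maint, interim = m.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))

def supports_ikev2_vti(version):
    """True when the ASA version is at or above the assumed minimum."""
    return parse_asa_version(version) >= MIN_IKEV2_VTI

def stuck_ikev2_sas(show_output):
    """Return the SAs whose status is anything other than READY."""
    sas, current = [], None
    for line in show_output.splitlines():
        row = ROW.match(line)
        if row:
            current = {"tunnel_id": int(row[1]), "local": row[2],
                       "remote": row[4], "status": row[7], "auth_verify": None}
            sas.append(current)
            continue
        auth = re.search(r"Auth verify:\s*(.+?)\s*$", line)
        if auth and current:
            current["auth_verify"] = auth[1]
    return [sa for sa in sas if sa["status"] != "READY"]

if __name__ == "__main__":
    for ver in ("9.7(1)4", "9.8(4)29"):
        print(ver, "route-based IKEv2 OK" if supports_ikev2_vti(ver) else "upgrade needed")
    for sa in stuck_ikev2_sas(SAMPLE):
        print("not established:", sa)
```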