Solved: Site to Site VPN - Tx0 Rx0

ohareka70 · ‎09-24-2015

Hello,

I have built a site to site VPN with an external company. I am using a Cisco ASA 5500. We have setup the crypto phase 1 and 2 parameters on both sides but all i see on the monitoring is that it connects for 1 second and then disappears again

Tx0

Rx0

Any ideas why this is?

All my other site to site VPNs work fine.

regards,

Kevin

rvarelac · ‎09-24-2015

Hi Kevin ,

If you're familiar with the ASA console , you can run the following debugs to get more information about this issue.

* Debug crypto condition peer x.x.x.x

*Debug crypto ikev1 127 (isakmp older versions)

*Debug crypto ipsec 127

Hope it helps

-Randy-

View solution in original post

rvarelac · ‎09-24-2015

Hi Kevin ,

If you're familiar with the ASA console , you can run the following debugs to get more information about this issue.

* Debug crypto condition peer x.x.x.x

*Debug crypto ikev1 127 (isakmp older versions)

*Debug crypto ipsec 127

Hope it helps

-Randy-

ohareka70 · ‎10-13-2015

Randy,

I did the command Debug crypto ipsec 127 and it showed that their was a phase 2 mismatch. So I was able to tweak a few settings in the phase 2 setup on both sides till I got it right with the 3rd party contractor. The VPN is now connected.

- turned out we needed NAT-T disabled on this VPN and PFS turned on. Not sure why but at least its working.

thanks

Kevin