09-24-2015 02:01 AM
Hello,
I have built a site to site VPN with an external company. I am using a Cisco ASA 5500. We have set up the crypto phase 1 and 2 parameters on both sides, but all I see on the monitoring is that it connects for 1 second and then disappears again.
Tx0
Rx0
Any ideas why this is?
All my other site to site VPNs work fine.
regards,
Kevin
09-24-2015 09:16 PM
Hi Kevin,
If you're familiar with the ASA console, you can run the following debugs to get more information about this issue.
* Debug crypto condition peer x.x.x.x
* Debug crypto ikev1 127 (isakmp older versions)
* Debug crypto ipsec 127
Hope it helps
-Randy-
10-13-2015 01:39 AM
Randy,
I did the command Debug crypto ipsec 127 and it showed that there was a phase 2 mismatch. So I was able to tweak a few settings in the phase 2 setup on both sides till I got it right with the 3rd party contractor. The VPN is now connected.
- turned out we needed NAT-T disabled on this VPN and PFS turned on. Not sure why but at least it's working.
thanks
Kevin
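Added example, not posted by anyone in this thread: where the two phase 2 settings mentioned above (PFS and NAT-T) sit in an ASA crypto map entry, using the IKEv1 syntax that matches the debug commands in the reply. The crypto map name, sequence number, ACL name, transform-set name, peer address and DH group are placeholders, not values from the thread.

```cisco
! Constructed example; every name, number and address below is a placeholder.
! IKEv1 phase 2 proposal (must match the peer's encryption and hash)
crypto ipsec ikev1 transform-set TS-PARTNER esp-aes-256 esp-sha-hmac

! Crypto map entry for the one tunnel being changed
crypto map OUTSIDE_MAP 20 match address ACL-PARTNER
crypto map OUTSIDE_MAP 20 set peer 192.0.2.10
crypto map OUTSIDE_MAP 20 set ikev1 transform-set TS-PARTNER

! PFS on: both sides must enable it and agree on the DH group.
! group14 is a placeholder; the groups offered depend on the ASA software version.
crypto map OUTSIDE_MAP 20 set pfs group14

! NAT-T off for this entry only; other tunnels on the same map are unaffected
crypto map OUTSIDE_MAP 20 set nat-t-disable

! After the change, check that the phase 2 SA stays up and counters increase
show crypto isakmp sa
show crypto ipsec sa peer 192.0.2.10

! Turn the debugs off again when finished
undebug all
```

Both PFS and the transform set are negotiated in phase 2, so a difference in either one on the two sides is the kind of mismatch `debug crypto ipsec` reports.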