Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
5
Replies

Trouble establishing VPN between RV120 and ASA5512

Steveri11
Level 1
Level 1

‎04-22-2016 08:34 AM

I am having trouble establishing a site to site VPN tunnel between a remote site with an RV120 and the main office with an ASA5512. The difference between the UI on the RV120 and the ASDM on the ASA and the fact that the RV120 has no CLI are making it difficult for me to verify that all my settings match. 

The logs on the RV120 indicate that phase 1 is completing successfully but phase 2 fails:

Using IPsec SA configuration 10.17.0.0/24 <-> 10.50.0.0/24

Configuration found for xxx.xxx.xxx.xxx

Initiating new phase 2 negotiation: xxx.xxx.xxx.xxx[0]<=>xxx.xxx.xxx.xxx[0]

Error: Phase 2 negotiation failed due to to time up. c6bfd4752365537f:0e1b1b4e754fe194:eb93458b

Labels:
0 Helpful
5 Replies 5

Marius Gunnerud
VIP
VIP

‎04-22-2016 11:25 AM

What version is the RV120 running?  Have you tried upgrading the RV120?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Steveri11
Level 1
Level 1
In response to Marius Gunnerud

‎04-22-2016 12:36 PM

Thank you for the reply. The running firmware is 1.0.5.9 which is the current version. 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Steveri11

‎04-22-2016 11:43 PM

on the ASA could you run the following debug commands and then try to send traffic over the tunnel:

debug crypto condition peer <RV120 public IP>

debug crypto ikev1 127

debug crypto ipsec 127

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Steveri11
Level 1
Level 1
In response to Marius Gunnerud

‎04-23-2016 11:16 AM

The tunnel never establishes. IKE phase 2 fails. 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Steveri11

‎04-24-2016 04:47 AM

IKE phase 2 is the encryption of data...IKE phase one establishes the tunnel.  Please run the debugs to see if you are seeing the same on the ASA.  If it is infact phase two that is failing check the encryption domain and make sure it is correct and a mirror image of eachother on the RV120 and ASA

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents