03-26-2018 01:56 PM - edited 03-12-2019 05:08 AM
03-27-2018 02:02 AM
03-27-2018 08:32 AM
Hi RJI,
Please review this configuration for IPSec:
crypto ipsec ikev1 transform-set azure-ipsec-proposal-set esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000
tunnel-group 104.x.x.x type ipsec-l2l
tunnel-group 104.x.x.x ipsec-attributes
 ikev1 pre-shared-key <Pre-Shared-Key>
Thanks,
Omid
03-27-2018 08:37 AM
03-27-2018 08:48 AM
By the way, the other end is Microsoft Azure (policy-based VPN connection); it is not an ASA.
Here you are: show access:
access-list azure-vpn-acl extended permit ip object-group On-Prem-Net object-group Azure-Network
crypto map Cust-OutSell_map 4 match address azure-vpn-acl
! x.x.x.x is the Azure gateway IP
crypto map Cust-OutSell_map 4 set peer x.x.x.x
! azure-ipsec-proposal-set is esp-aes-256 esp-sha-hmac
crypto map Cust-OutSell_map 4 set ikev1 transform-set azure-ipsec-proposal-set
crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
03-27-2018 08:53 AM
03-27-2018 09:09 AM
Those are my on-prem (private) network range and Azure network; in this case, I use 20.20.10.0/24.
I used these steps to configure both:
03-27-2018 09:16 AM
03-27-2018 09:42 AM
Oh, you are right, my object-group network IP range was 20.20.10.0 instead of 20.20.0.0/16.
Really appreciate your guidance and time.
Omid
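The mismatch acknowledged in the post above (a crypto ACL object-group holding 20.20.10.0/24 where the Azure side uses 20.20.0.0/16) can be caught before the tunnel is brought up. The following is an added example, not part of the original thread: it expands the crypto ACL's object-groups and compares them with the prefixes configured on the Azure side. The object-group contents, the on-prem range and the function and parameter names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample config: the object-group members are assumptions
# modelled on the ranges mentioned in the thread.
ASA_CONFIG = """\
object-group network On-Prem-Net
 network-object 10.10.8.0 255.255.252.0
object-group network Azure-Network
 network-object 20.20.10.0 255.255.255.0
access-list azure-vpn-acl extended permit ip object-group On-Prem-Net object-group Azure-Network
"""

def parse_object_groups(config):
    """Return {group name: set of networks} from 'object-group network' blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"object-group network (\S+)", line)
        if head:
            current = groups.setdefault(head.group(1), set())
        elif current is not None and line.startswith(" "):
            member = re.match(r"\s+network-object (\S+) (\S+)$", line)
            if member:  # "address netmask" form only
                current.add(ipaddress.ip_network("/".join(member.groups())))
        else:
            current = None  # left the object-group block
    return groups

def crypto_acl_selectors(config, acl_name):
    """Expand a crypto ACL into the (local, remote) pairs it proposes."""
    groups = parse_object_groups(config)
    pattern = re.compile(rf"access-list {re.escape(acl_name)} extended permit ip "
                         r"object-group (\S+) object-group (\S+)")
    pairs = set()
    for line in config.splitlines():
        hit = pattern.match(line)
        if hit:
            pairs |= {(loc, rem) for loc in groups[hit.group(1)]
                      for rem in groups[hit.group(2)]}
    return pairs

def selector_mismatches(config, acl_name, azure_onprem_prefixes, azure_vnet_prefixes):
    """Diff the ASA selectors against the mirror of the Azure-side prefixes."""
    expected = {(ipaddress.ip_network(loc), ipaddress.ip_network(rem))
                for loc in azure_onprem_prefixes for rem in azure_vnet_prefixes}
    actual = crypto_acl_selectors(config, acl_name)
    return {"only_on_asa": actual - expected, "only_on_azure": expected - actual}
```

Both sets come back empty only when every pair on the ASA has an exact mirror on the Azure side, which is what a policy-based tunnel needs for Phase 2 to negotiate.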
03-27-2018 02:04 PM
Now the VPN is connected, but there is no ESP traffic on the connection. So the problem right now is in Phase 2.
04-12-2018 09:19 AM
Please look at this error. That packet was dropped!
Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xae2cbd68, priority=70, domain=ipsec-tunnel-flow, deny=false
hits=13, user_data=0x0, cs_id=0xadf3d260, reverse, flags=0x0, protocol=0
src ip/id=10.10.8.0, mask=255.255.252.0, port=0, tag=0
dst ip/id=10.20.0.0, mask=255.255.0.0, port=0, tag=0, dscp=0x0
input_ifc=Cust-OutSell, output_ifc=any