11-09-2019 03:53 PM
I have no idea why I can't get these two ASA is. Please find the attached Config. I have listed them as ASA A and ASA B.
ASA A is a 5508X and ASA B is a 5506X.
Some of the IP addresses have be obfuscated. Number have been replaced with letter...however they are consistent. For example if 123.321 was changed to RRR.SSS, it would always have been so.
Both systems are system with an NTP server so the time stamps on the debugs should be accurate.
The Config, the Show Crypto ISAKMP SA and the Show Crypto IKEv1 SA commands, and the results from debugging (debug crypto ikev1 127, debug crypto ipsec 127)
Any help would be greatly appreciated.
Thanks in advance!
11-09-2019 04:15 PM
Hi,
From the output of "show crypto isakmp sa" both ASA have initated a VPN, but the state is "MM_WAIT_MSG2" which indicates the ASA is awaiting a response from the peer.
Can the ASAs ping each other?
Could there be a device in the path of the ASAs blocking UDP/500?
HTH
11-09-2019 05:19 PM
Thanks for the response. Between them is the public Internet. I can run IPSec VPN (RA) through each Firewall. So I don’t think there is anything blocked.
Thanks in advance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide