Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1182
Views
0
Helpful
1
Replies

VPN Issue with 1010

rob1456657
Level 1
Level 1

‎05-18-2021 01:14 PM

Now I have a new issue...

I have a configured Cisco Firepower 1010 with an S2S Tunnel to an ASA 5515x (IKEv2). Traffic is flowing fine to the ASA5515. However, we also have tunnels to the remote sites and they connect IKEv1 to the ASA5515.

 

I have noticed messages in the Log Viewer that state “IKEv2 Negotiation aborted due to ERROR: Create child exchange failed”

Has anyone had issues with such a setup?

1010 (S2S IKEv2) --> ASA5515 (S2S IKEv2)

REM1 (S2S IKEv1 )--> ASA5515 (S2S IKEv1)

Pings and traffic from 1010 --> ASA5515 - Work

Pings and traffic from REM1--> ASA5515 - Work

Pings and traffic from 1010 --> REM1 - Does Not Work

 

Anyone run into this before?

Labels:
0 Helpful
1 Reply 1

rob1456657
Level 1
Level 1

‎05-19-2021 10:45 AM

If anyone looked at this and pondered it, thanks for at least looking but I resolved the issue.

Turns out the Network Object we created didn't cover the interesting traffic so the firewall was trying to send it out to the internet rather than through the tunnel.

Once I reconfigured the network object to include the correct scope everything worked as it should! 

It's the little things that get ya!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents