VPN site to site doesn't start

andresitotubia
Level 1

Hello,

I'm having problems bringing up a site-to-site VPN between a Cisco ASA 5510 and a 5505. On the 5510 I already have 2 VPNs up and running to other sites (both with ASA 5510). But this one doesn't even start phase 1.

Of course I have internet access at both sites, but I can't find or troubleshoot anything. Nothing comes to mind. I think that something on the new 5505 is wrong or missing, but I don't know what.

sh ver of the ASA 5505:

ASA-TA up 58 mins 4 secs

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

 0: Int: Internal-Data0/0    : address is 4055.39ee.d9b3, irq 11
 1: Ext: Ethernet0/0         : address is 4055.39ee.d9ab, irq 255
 2: Ext: Ethernet0/1         : address is 4055.39ee.d9ac, irq 255
 3: Ext: Ethernet0/2         : address is 4055.39ee.d9ad, irq 255
 4: Ext: Ethernet0/3         : address is 4055.39ee.d9ae, irq 255
 5: Ext: Ethernet0/4         : address is 4055.39ee.d9af, irq 255
 6: Ext: Ethernet0/5         : address is 4055.39ee.d9b0, irq 255
 7: Ext: Ethernet0/6         : address is 4055.39ee.d9b1, irq 255
 8: Ext: Ethernet0/7         : address is 4055.39ee.d9b2, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces  : 8
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
SSL VPN Peers                : 2
Total VPN Peers              : 10
Dual ISPs                    : Disabled
VLAN Trunk Ports             : 0
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has a Base license.

Serial Number: JMX152140Z8
Running Activation Key: 0x5f2ef375 0x78131da1 0x4070b5d8 0xba5c08f8 0x080800b2
Configuration register is 0x1
Configuration last modified by enable_15 at 09:10:55.809 UTC Wed Oct 12 2011

Here are the configs:

ASA 5505

access-list vpnassa extended permit ip 192.168.24.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list ACL-VPN-LIMATAND extended permit ip 192.168.24.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list vpnassa
route outside 172.16.0.0 255.255.0.0 200.x.x.x 1
route outside 200.x.x.x 255.255.255.255 200.x.x.x 1
crypto ipsec transform-set myset1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set 3ESP-DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 10 match address ACL-VPN-LIMATAND
crypto map outside_map 10 set peer 200.1.x.x
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set security-association lifetime kilobytes 4608000
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 70
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
tunnel-group 200.1.x.x type ipsec-l2l
tunnel-group 200.1.x.x ipsec-attributes
 pre-shared-key *

ASA 5510

access-list vpnassa extended permit ip 172.16.0.0 255.255.0.0 192.168.24.0 255.255.255.0
access-list ACL-VPN-LIMATAND extended permit ip 172.16.0.0 255.255.0.0 192.168.24.0 255.255.255.0
nat (inside) 0 access-list vpnassa
route outside 192.168.24.0 255.255.255.0 200.x.x.x 1
route outside 200.x.x.x 255.255.255.255 200.x.x.x 1
crypto ipsec transform-set myset1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set 3ESP-DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 10 match address ACL-VPN-LIMATAND
crypto map outside_map 10 set peer 200.2.x.x
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set security-association lifetime kilobytes 4608000
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 70
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
tunnel-group 200.2.x.x type ipsec-l2l
tunnel-group 200.2.x.x ipsec-attributes
 pre-shared-key *

Thanks in advance.

1 Reply

mvsheik123
Level 7

Hi,

Please apply the crypto map to the outside interface on both ends and see if that works:

crypto map outside_map interface outside

hth

MS
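The omission the reply points at (a crypto map that is defined but never bound to an interface) is easy to miss by eye in a long running-config, so here is a small linter for ASA 8.x IKEv1 site-to-site configs. This is an added example, not code from the thread or from Cisco; the two sample configs are constructed from the ones posted above, with the sanitised 200.x.x.x peer addresses replaced by assumed documentation addresses (203.0.113.1 and 198.51.100.1). It goes a little beyond the single fix in the reply: it also checks that ISAKMP is enabled on the bound interface, that every peer has an ipsec-l2l tunnel-group, that the crypto ACLs on the two ends mirror each other, and it flags the DES/group 1 policy that both configs still offer.

```python
"""Lint Cisco ASA 8.x IKEv1 site-to-site configs for the omissions that stop
phase 1 from starting (added example, not code from the thread)."""
from collections import defaultdict

POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}
WEAK_ENCRYPTION = {"des"}   # 56-bit single DES
WEAK_DH_GROUPS = {"1"}      # 768-bit MODP

# Constructed sample: the 5505 side as posted, with the sanitised peer address
# replaced by an assumed documentation address (203.0.113.1 = the 5510).
ASA5505_CONF = """\
access-list ACL-VPN-LIMATAND extended permit ip 192.168.24.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map outside_map 10 match address ACL-VPN-LIMATAND
crypto map outside_map 10 set peer 203.0.113.1
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto isakmp enable outside
crypto isakmp policy 70
 authentication pre-share
 encryption des
 hash sha
 group 1
tunnel-group 203.0.113.1 type ipsec-l2l
"""
# Constructed: the 5510 side, assumed to see the 5505 as 198.51.100.1.
ASA5510_CONF = """\
access-list ACL-VPN-LIMATAND extended permit ip 172.16.0.0 255.255.0.0 192.168.24.0 255.255.255.0
crypto map outside_map 10 match address ACL-VPN-LIMATAND
crypto map outside_map 10 set peer 198.51.100.1
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto isakmp enable outside
tunnel-group 198.51.100.1 type ipsec-l2l
"""


def parse_asa(config):
    """Pull out the pieces of a running-config that an L2L tunnel depends on."""
    cfg = {"maps": defaultdict(dict), "bound": {}, "isakmp_ifaces": set(),
           "l2l_peers": set(), "acls": defaultdict(list), "policies": {}}
    policy = None  # sequence number of the 'crypto isakmp policy' being read
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if policy is not None and tok[0] in POLICY_KEYS:   # policy sub-command
            cfg["policies"][policy][tok[0]] = tok[1]
            continue
        policy = None
        if tok[:3] == ["crypto", "isakmp", "policy"]:
            policy = tok[3]
            cfg["policies"][policy] = {}
        elif tok[:3] == ["crypto", "isakmp", "enable"]:
            cfg["isakmp_ifaces"].add(tok[3])
        elif tok[:2] == ["crypto", "map"] and tok[3] == "interface":
            cfg["bound"][tok[2]] = tok[4]             # crypto map NAME interface IF
        elif tok[:2] == ["crypto", "map"]:            # crypto map NAME SEQ ...
            entry = cfg["maps"][tok[2]].setdefault(tok[3], {})
            if tok[4:6] == ["match", "address"]:
                entry["acl"] = tok[6]
            elif tok[4:6] == ["set", "peer"]:
                entry["peer"] = tok[6]
            elif tok[4:6] == ["set", "transform-set"]:
                entry["transform"] = tok[6]
        elif tok[0] == "tunnel-group" and tok[2:4] == ["type", "ipsec-l2l"]:
            cfg["l2l_peers"].add(tok[1])
        elif tok[0] == "access-list" and tok[2:5] == ["extended", "permit", "ip"]:
            cfg["acls"][tok[1]].append(((tok[5], tok[6]), (tok[7], tok[8])))
    return cfg


def lint(config):
    """Return human-readable findings; an empty list means nothing obvious is missing."""
    cfg, findings = parse_asa(config), []
    for name, entries in cfg["maps"].items():
        iface = cfg["bound"].get(name)
        if iface is None:
            findings.append(f"crypto map {name} is never applied: add 'crypto map {name} interface <if>'")
        elif iface not in cfg["isakmp_ifaces"]:
            findings.append(f"ISAKMP is not enabled on {iface}: add 'crypto isakmp enable {iface}'")
        for seq, e in entries.items():
            if "acl" in e and e["acl"] not in cfg["acls"]:
                findings.append(f"crypto map {name} {seq} matches undefined ACL {e['acl']}")
            if "peer" in e and e["peer"] not in cfg["l2l_peers"]:
                findings.append(f"no 'tunnel-group {e['peer']} type ipsec-l2l' for peer of {name} {seq}")
    for seq, p in cfg["policies"].items():
        if p.get("encryption") in WEAK_ENCRYPTION or p.get("group") in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {seq} offers weak {p.get('encryption')}/group {p.get('group')}")
    return findings


def mirror_check(local, remote):
    """Each crypto-ACL (src, dst) pair must appear reversed on the far end, or phase 2 fails."""
    def pairs(cfg):
        return {pair for entries in cfg["maps"].values() for e in entries.values()
                for pair in cfg["acls"].get(e.get("acl"), [])}
    a, b = pairs(parse_asa(local)), pairs(parse_asa(remote))
    return [f"{src[0]}/{src[1]} -> {dst[0]}/{dst[1]} has no mirror on the far end"
            for src, dst in a if (dst, src) not in b]
```

Run `lint(ASA5505_CONF)` and `lint(ASA5510_CONF)` on the samples and both report the unapplied `outside_map`; append `crypto map outside_map interface outside` to each and only the weak-policy warning on the 5505 remains, while `mirror_check(ASA5505_CONF, ASA5510_CONF)` comes back empty because the two ACL-VPN-LIMATAND entries are exact mirrors. On the boxes themselves, once the map is bound and interesting traffic is sent, `show crypto isakmp sa` should list the peer in MM_ACTIVE and `show crypto ipsec sa` should show the encaps/decaps counters moving; if phase 1 still does not come up, `debug crypto isakmp 127` on the initiating ASA shows whether proposals are even being exchanged.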