Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5266
Views
2
Helpful
6
Replies

Cisco ASA VPN site to site: Failed to authenticate the IKE SA

Go to solution
FrejusMA
Level 1
Level 1

‎03-23-2023 11:01 AM

Hello Community,

Just set up the site to site VPN between my ASA fw and a remote site using SOPHOS fw via public IP Internet. The VPN is not coming up with error message below:

Local:X.X.X.X:4500 Remote:name:39929 Username:X.X.X.X IKEv2 Negotiation aborted due to ERROR: Failed to authenticate the IKE SA

I suspect this is at phase 1. Can anyone has this before? Please assist.

 

Thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
BlakeBratu
Cisco Employee
Cisco Employee

‎03-24-2023 08:22 PM - edited ‎03-24-2023 08:26 PM

If you're using the right keyring on both ends, can you double-check that your PSK's are matching within your keyring? Additionally, I have seen this error before when one of the peer ID's are mismatched.

View solution in original post

6 Replies 6

Go to solution
MHM Cisco World
VIP
VIP

‎03-23-2023 11:03 AM

Are you use right keyring ?

Go to solution
FrejusMA
Level 1
Level 1
In response to MHM Cisco World

‎03-23-2023 11:33 AM

Thanks for your response.

The remote side confirm to me that he is using the right keyring. So yes.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to FrejusMA

‎03-25-2023 06:08 AM

can you share the config ?

0 Helpful

Go to solution
BlakeBratu
Cisco Employee
Cisco Employee

‎03-24-2023 08:22 PM - edited ‎03-24-2023 08:26 PM

If you're using the right keyring on both ends, can you double-check that your PSK's are matching within your keyring? Additionally, I have seen this error before when one of the peer ID's are mismatched.

Go to solution
FrejusMA
Level 1
Level 1
In response to BlakeBratu

‎03-29-2023 07:33 AM

Hello Team 

Ramadan Moubarack

@MHM Cisco World  thanks for being available, My problem is solved now. We check the keys on both side and they were no mismatch. The problem as @BlakeBratu mentionned was on the peer ID's. The remote side were using a Sophos Firewall and they need to declare precisely the peer ID. When he puts the right peer ID the VPN comes up immediately. I went deeper to understand and I found out this peer ID was actually the real IP of my IPSEC peer which is weird. I thought the peer ID should be the same as my public IP. My question now is what is the meaning of this peer ID.

Thanks you @BlakeBratu in advance for your response 

Cheers guys.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎03-29-2023 07:51 AM

You are so so welcome 
please select @BlakeBratu comment as solution. 
thanks 
have a nice day 

0 Helpful
Customers Also Viewed These Support Documents