ASA5505 LAN-to-LAN Tunnel termination on 2821

Unanswered Question
Jun 19th, 2007


we are building a new site in Russia, Moscow this week (actual, I'm sitting here!). We have bought an ASA5505 as VPN Tunnel endpoint in Moscow and would like to connect to our WHQ in US.

The WHQ Team provides me a sample config for an 871 Router and I now need to adapt it on the ASA.

I urgently need some help in understanding the Tunnel configuration on the ASA Device, because right now (after creating a new transform-set allowing transport) I got IKE Phase1 ready, but than a "no proposal chosen" Message. I've heard rumours, that the ASA Tunnel could not connect to the 2821, but I can't really believe, that one Cisco device could not connect to an other.

I can't access the WHQ Site router to see it's config, but I can provide ASA config and the sample config the WHQ provide for an 871 (and from which they said, it works).

Does someone has related information for me in order to get this running?

Thanks in advance for any help!

Oliver Grube

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
shomar Tue, 06/19/2007 - 03:17

Hi Oliver,

It doesn't make sense to hear that the ASA doesn't connect to the 2821 router. after all, the VPN code on the IOS is the saem.

If you can provide the sample config and the ASA config maybe I can look at that and check if I would be able to help :)



olgr Tue, 06/19/2007 - 05:28


Thanks for response.

This is the sample config, we should use on 871 Routers...

The next message will show the ASA config.

olgr Tue, 06/19/2007 - 05:35

This is the ASA 5505 Config right now.

To be honest, I think, I've made some general misunderstandings on the tunnel configuration. I've setup tunnels with Nortel VPN devices before and because I don't do this each day, it perhaps lack some general config needs.

However, sitting here in Moscow with no other option forces the need to get a solution.

Every help is welcome!





This Discussion