I've purchased a brand new ASA 5505 to connect to the Cisco 3640 and I can't even bring up the tunnel. I have tried changing the transform-set to just DES but know luck. I have recently brought up a VPN using DMVPN and the Cisco 501 in a site-to-site but this one has been wondering what is going on.
The router (3640 running 12.4 code)looks ok and with the Cisco 501 working great I don't think I have an issue with the router.
This is a lab environment.
This is the feature set on the ASA 5505
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has a Base license.
This is a ping from 10.3.4.10 to 10.1.1.1. It doesn't say anything about IPSEC or ISAKMP.
This is what I get when I do the: show crypto ipsec sa
ASA5505(config)# show crypto ipsec sa
There are no ipsec sas
ASA5505(config)# show crypto isakmp sa
There are no isakmp sas
debug crypto isakmp 10
packet input inside icmp 10.3.4.10 8 0 10.1.1.1 detail
I've been working on this for a week and don't really know if I have a bad ASA5505. Since normal stuff like browsing the Internet works and I can ping outside and inside I don't know what to think. See attachments.
"Doing what you asked worked"
Nice to hear that your issue is resolved.
"My question is can I use the ESP-3DES-SHA transform-set instead of the MD5?"
Sure you can.
Please do not forget to rate helpful posts and check "Resolved my issue" box, if the post resolved your issue.