ASA site to site VPN

Answered Question
Jun 12th, 2008

Hello,

I am trying to create a site to site VPN using Cisco ASA and ISR:

As the HQ site, I have an ASA 5505 connected to an 1801 ADSL router. Internet access out from the site is OK, and I can http onto the 1801 router from outside. I cannot seem to get to the ASA at all; the logging in the ASA seems to indicate that traffic is being denied by something.

The test site that I am trying to connect also has an 1801 router with the VPN IOS. When trying to create the tunnel, it gives error messages relating to visibility of the ASA peer. (I read this to be much the same as the above issue)

I have a running config of the ASA if it helps - I would appreciate any pointers in this area as this is quite urgent for me.

Thanks in advance...

nick-williams Mon, 06/16/2008 - 04:01

Thanks guys,

I now have the ASA refusing the VPN connection with the error message: "5 Jun 16 2008 05:46:07 713904 Group = x.x.x.x, IP = x.x.x.x, All IPSec SA proposals found unacceptable!"

Phase 1 seems to be completed but it now falls over here.

You will need to modify the access policies in order to access from the outside interface.

Modify the ICMP rules so you can see if you can ping from the other site to your ASA. Once you make sure the remote site is reachable, use the VPN wizard and you should be able to get a tunnel up.

Make sure your ASA permits the traffic from your current site. Also, ISAKMP uses UDP port 500, which you need to open.
