ASA5510 and Globesurfer Site-to-Site VPN

Unanswered Question
Oct 29th, 2008

I am trying to configure a Site-to-Site VPN between an ASA5510 and a Globesurfer_II via 3G. I am almost sure that the problem lies with the GlobeSurfer, but I am hoping that someone else may have seen a similar problem. I am not even getting past the first phase of ISAKMP. I am running ver 7.2 of the ASA software.


I have also tested the same GlobeSurfer device using a known working VPN client and it also fails. Take away the GlobeSurfer and the Cisco VPN client works using the same 3G SIM.


Any ideas on how to troubleshoot this issue or even fix it?

singhsaju Wed, 10/29/2008 - 08:05

Hello,


Try to match ISAKMP/IPsec parameters on both sides.

First use simple/basic parameters just to bring up the tunnel. Make sure you are able to ping the VPN peers. Check that there is no NAT/PAT device in between.




Phase 1

----------

authentication: pre-share

encryption: 3des

Hash: md5

DH group : group 2

Lifetime for phase 1 SA: 86400 seconds

Match the ISAKMP key on both sides.


Phase 2:

------------

Transform set: ESP-3DES

Crypto ACL: mirror traffic

Lifetime for Phase 2 SA: 3600 seconds



Match the above parameters for phase 1 and phase 2 on the VPN devices at both ends.



Do not use optional parameters initially like PFS etc. Just try to bring up tunnel with only required parameters.


HTH

Saju
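
The baseline from the reply above, written out as ASA 7.2 configuration. This is an added example, not part of the original thread; the interface name `outside`, the peer address, the LAN subnets, the object names and the `esp-md5-hmac` integrity transform are assumptions or placeholders.

```cisco
! Added example: addresses, names and the key are placeholders.
!
! Phase 1 (ISAKMP) policy with the values listed in the reply
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp enable outside
!
! Pre-shared key for the peer; it must be identical on the GlobeSurfer.
! 203.0.113.10 stands in for the GlobeSurfer's public address (placeholder).
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <PRE_SHARED_KEY>
!
! Phase 2: ESP-3DES transform set. The reply names only ESP-3DES;
! pairing it with esp-md5-hmac is an assumption.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
! Crypto ACL: local LAN to remote LAN (placeholder subnets).
! The peer needs the mirror image: remote LAN to local LAN.
access-list L2L_GLOBESURFER extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
!
crypto map OUTSIDE_MAP 10 match address L2L_GLOBESURFER
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-MD5
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 3600
crypto map OUTSIDE_MAP interface outside
! No "set pfs" line: PFS stays off for the first bring-up, as the reply suggests.
!
! Exec-mode checks while testing Phase 1
show crypto isakmp sa
debug crypto isakmp 127
```

With the debug running, the ISAKMP messages show whether the peer's Phase 1 proposal is arriving at all and, if it is, whether it is being rejected.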
