ASA5510 and Globesurfer Site-to-Site VPN

stancred · ‎10-29-2008

I am trying to configure a Site to Site VPN between an ASA5510 and a Globesurfer_II via 3G. I have am almost sure that the problem lies with the GlobeSurfer. But I am hoping that someone else may have seem a similiar problem. I am not even getting pass the first phase of isakmp. I m running ver 7.2 of the ASA software.

I have also test the same globe surfer device using a known working VPN client and it also fails. Take a the Globe Surfer and the Cisco VPN client works using teh same 3g sim.

Any ideas on how to trouble shoot this issue or even fix it.

singhsaju · ‎10-29-2008

Hello,

Try to match Isakmp/Ipsec parameters on both sides.

First use simple /basic parameters to just bring up tunnel .Make sure you are able to ping the VPN peers .Check if there is no NAT/PAT device in between.

Phase 1

----------

authentication: pre-share

encryption: 3des

Hash: md5

DH group : group 2

Lifetime for phse 1 SA : 86400 seconds

Match the isakmp key both sides.

Phase 2:

------------

Transform set: ESP-3DES

Crypto ACL: mirror traffic

Life time for Phase 2 SA : 3600 seconds

Match above parameters for phase1 and phase 2 on both ends vpn devices.

Do not use optional parameters initially like PFS etc. Just try to bring up tunnel with only required parameters.

HTH

Saju