HOWTO: set up a VPN connection between a RVS4000 on a dynamic IP and an ASA5510(8.2) on a static IP

Unanswered Question
Apr 21st, 2010
User Badges:

Whenever I try to do this, I get a slew of messages in the form:


Apr 21 15:13:41 [IKEv1]: Group = #, IP = #, Header invalid (next payload = 11)


from the ASA.  The RVS4000 is equally unhelpful.

I've made sure they have appropriate Phase 1 settings, and even reset the pre-shared key to "test" to make sure it wasn't typoed.


If anyone else has tried and succeeded with this, can they give me something step-by-step on how to set this up?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mzaccone Fri, 04/30/2010 - 12:12
User Badges:

A little more data and/or screenshots would be helpful.

Alejandro Gallego Sun, 05/02/2010 - 12:52
User Badges:
  • Cisco Employee,

Take a look at the log files on the RVS router. I bet you may see a section where the negotiation begins and the output is just a bunch of hex.


There are a couple of things to note. One make sure your pre-shared key is at least 8 characters long. Two do not use PFS unless you have gotten this to work in the past. At this point I would just recommend deleting the tunnel on the RVS and setting it up again, but this time use a different name and make sure your pre-shared key is longer than 8 characters.


If this still fails please post logs, screenshots or anything else you may feel helpful.

Actions

This Discussion