×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA IPsec VPN issues...

Unanswered Question
Nov 21st, 2013
User Badges:

hello all,


I am getting the 412 remote peer not respond .



I have a bunch of ASA 5505 boxes all over the place.

I recently had a new box up but I could not connect to it. all other asa5505 boxes are perfectly connectable.

The configurations I went through line by line are identical to the other boxes, with the exception of timezone not set and instaead of using crypto isakmp encrption aes, it is using aes-192, same sha hash group 2


I have double check the IP address, it is valid. the ip address is also pingable.

it is not the group password because the status don't go further than contacting security gateway in VPN client.


i check with the isp, they said that they do not share ipv4 address yet, and i have power cyled all equipments.

anyone have any suggestions i will appreciate it.


ps. in my configurations, i don't see any access-list to allow incoming udp port 500, even on the working boxes. so i assume asa auto unblocks it once you have a valid crypto map in place?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Y W Mon, 11/25/2013 - 16:11
User Badges:

this problem was put in the queue of TAC and then escalated to a senior engineer.

when we ran the debug crypto isakmp we found the box was rejecting ipsec vpn due to no suitable key combination found. and then it was noted that the Ipsec vpn under windows 7 does not support aes-192. The connection will only work under aes-128 or aes-256


closing this discussion.

Actions

This Discussion