VPN errors between remote and Local ASA

swashbuckler
Level 1

I can't seem to establish a VPN between remote ASA 5505 and my local 5550 ASA. In my logs I am getting the following:

IP = 62.73.210.83, IKE Initiator: New Phase 1, Intf inside, IKE Peer 62.73.210.83 local Proxy Address 10.199.1.0, remote Proxy Address 10.200.1.240, Crypto map (myMAP)
IP = 62.73.210.83, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
IP = 62.73.210.83, Error: Unable to remove PeerTblEntry
IP = 62.73.210.83, Removing peer from peer table failed, no match!

Remote 5505 ASA:

crypto ipsec transform-set mytrans esp-des esp-md5-hmac
crypto map mymap 10 match address VPNL2L
crypto map mymap 10 set peer 62.73.210.83
crypto map mymap 10 set transform-set mytrans
crypto map mymap 10 set security-association lifetime seconds 3600
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 21

tunnel-group 65.181.59.210 type ipsec-l2l
tunnel-group 65.181.59.210 ipsec-attributes
 pre-shared-key *


Local 5550 ASA:

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set mySET esp-des esp-md5-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map myDYN-MAP 5 set transform-set mySET
crypto dynamic-map myDYN-MAP 5 set security-association lifetime seconds 28800
crypto dynamic-map myDYN-MAP 5 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map myMAP 1 match address outside_cryptomap_1
crypto map myMAP 1 set peer 62.73.210.83 
crypto map myMAP 1 set transform-set mySET ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map myMAP 65000 ipsec-isakmp dynamic myDYN-MAP
crypto map myMAP interface outside
crypto isakmp identity address 
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 21
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy myGROUP internal
group-policy myGROUP attributes
 split-tunnel-policy tunnelspecified
 nem enable
group-policy Mearsk internal
group-policy Mearsk attributes
 vpn-tunnel-protocol IPSec 
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group mytunnel type remote-access
tunnel-group mytunnel general-attributes
 default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
 pre-shared-key *
tunnel-group 62.73.210.83 type ipsec-l2l
tunnel-group 62.73.210.83 ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group DefaultL2LGroup

3 Replies

Marvin Rhoads
Hall of Fame

Your remote ASA 5505 has:

      crypto map mymap 10 set peer 62.73.210.83

From what I can see it should be 65.181.59.210

Thank you for responding, I tried that too in the beginning and I get the same errors as above.

Well, whether or not that fixes the root cause, it will need to be set to that.

You should also confirm that the access-lists called by your crypto map for the respective ends are mirror images of each other. (VPNL2L and outside_cryptomap_1).
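To make the two checks in this answer repeatable, here is an added Python script (not from the thread or from Cisco) that parses the L2L-relevant lines of both configs and reports any peer, tunnel-group or crypto-ACL mismatch. The crypto map and tunnel-group lines are the ones quoted above; the access-list entries are hypothetical, built from the proxy addresses in the IKE log, and the outside addresses passed in are the two peers named in the thread.

```python
import re
from ipaddress import ip_network
# Constructed excerpts: crypto map/tunnel-group lines as quoted in the thread; ACL entries are hypothetical.
REMOTE_CFG = """\
access-list VPNL2L extended permit ip host 10.200.1.240 10.199.1.0 255.255.255.0
crypto map mymap 10 match address VPNL2L
crypto map mymap 10 set peer 62.73.210.83
tunnel-group 65.181.59.210 type ipsec-l2l
"""
LOCAL_CFG = """\
access-list outside_cryptomap_1 extended permit ip 10.199.1.0 255.255.255.0 host 10.200.1.240
crypto map myMAP 1 match address outside_cryptomap_1
crypto map myMAP 1 set peer 62.73.210.83
tunnel-group 62.73.210.83 type ipsec-l2l
"""
def _operand(words):
    # One ASA ACL address operand: "host A.B.C.D" or "A.B.C.D MASK"; returns (network, remaining words).
    if words[0] == "host":
        return ip_network(words[1]), words[2:]
    return ip_network(f"{words[0]}/{words[1]}"), words[2:]
def parse_side(cfg):
    # Collect the L2L-relevant pieces of one ASA's config.
    side = {"peers": set(), "acl_names": set(), "l2l": set(), "acls": {}}
    for line in cfg.splitlines():
        if m := re.match(r"crypto map \S+ \d+ set peer (\S+)", line):
            side["peers"].add(m.group(1))
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)", line):
            side["acl_names"].add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l", line):
            side["l2l"].add(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit ip (.+)", line):
            src, rest = _operand(m.group(2).split())
            side["acls"].setdefault(m.group(1), set()).add((src, _operand(rest)[0]))
    return side

def check_pair(local_cfg, local_outside, remote_cfg, remote_outside):
    # Findings for one L2L pair; an empty list means peers, tunnel-groups and crypto ACLs agree.
    lo, rm = parse_side(local_cfg), parse_side(remote_cfg)
    findings = []
    for name, side, expect in (("remote", rm, local_outside), ("local", lo, remote_outside)):
        if expect not in side["peers"]:
            findings.append(f"{name}: crypto map peer {sorted(side['peers'])} != other side's outside {expect}")
        if expect not in side["l2l"]:
            findings.append(f"{name}: no 'tunnel-group {expect} type ipsec-l2l'")
    lo_nets = set().union(*(lo["acls"].get(n, set()) for n in lo["acl_names"]))
    rm_nets = set().union(*(rm["acls"].get(n, set()) for n in rm["acl_names"]))
    if {(d, s) for s, d in rm_nets} != lo_nets:  # mirror image: remote's src/dst swapped must equal local's
        findings.append("crypto ACLs are not mirror images")
    return findings
```

Run as posted it reports only the remote peer pointing at its own address; change that one line to the local ASA's outside address and the report is empty.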