Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

Problems with site to site VPN with 2 ASA 5520

I have been unable to connect 2 ASA 5520 using all default settings within the site to site VPN wizard.

To try and debug the issues we have used commands debug cryto isakmp and debug cryto ipsec, however no debug information appears.

Also when issuing the command show isakmp no information is given:

uk-ciscoasa# show isakmp

There are no isakmp sas

Global IKE Statistics

Active Tunnels: 0

Previous Tunnels: 0

In Octets: 0

In Packets: 0

In Drop Packets: 0

In Notifys: 0

In P2 Exchanges: 0

In P2 Exchange Invalids: 0

In P2 Exchange Rejects: 0

In P2 Sa Delete Requests: 0

Out Octets: 0

Out Packets: 0

Out Drop Packets: 0

Out Notifys: 0

Out P2 Exchanges: 0

Out P2 Exchange Invalids: 0

Out P2 Exchange Rejects: 0

Out P2 Sa Delete Requests: 0

Initiator Tunnels: 0

Initiator Fails: 0

Responder Fails: 0

System Capacity Fails: 0

Auth Fails: 0

Decrypt Fails: 0

Hash Valid Fails: 0

No Sa Fails: 0

Global IPSec over TCP Statistics


Embryonic connections: 0

Active connections: 0

Previous connections: 0

Inbound packets: 0

Inbound dropped packets: 0

Outbound packets: 0

Outbound dropped packets: 0

RST packets: 0

Recevied ACK heart-beat packets: 0

Bad headers: 0

Bad trailers: 0

Timer failures: 0

Checksum errors: 0

Internal errors: 0

Is there something I am missing in the license, as I only have the base license? Any help would be very appreciated.



  • Other Security Subjects
New Member

Re: Problems with site to site VPN with 2 ASA 5520

If you followed the directions in the ASA quick start guide, there's your problem. The site to site instructions display a 'Tunnel Group Name' as "VPN group 1'. This would ONLY work if you use digital certificates on your network. Re-do the wizard only this time, put the peer address in twice - once in the 'Peer IP Adress' field and also in the "Tunnel Group Name' field and continue on with the instructions.