
Unable to create a VPN tunnel on ASA5505

Hey everyone,

This is my first attempt at setting up a VPN with a Cisco router and I am running into some trouble.

We have been provided values for our end of the tunnel, but the company on the other side will not provide any help whatsoever in setting it up.

I have the ASA 5505 up and running as a router, and I attempted to create the VPN using the VPN wizard with the values I was given. However, once I do so I can't seem to get the tunnel to actually connect.

Since this is my first attempt at setting up a VPN using a Cisco router, I certainly can't rule out the possibility that I am doing something stupid... Hopefully someone here can point out what it might be. :)

I've attached an excerpt of the ASA 5505's log, and the ASA 5505's running configuration.

2 REPLIES

Re: Unable to create a VPN tunnel on ASA5505

Your issue is with the phase 2 (IPsec) encryption and hash negotiation, possibly the local and remote encryption domains.

What did the remote end give you for these settings?

Have you got the remote end IP range correct?

You have specified 192.168.0.0 255.255.255.0 as your encryption domain - is this correct? What did you specify this to be to the remote end?

HTH

Re: Unable to create a VPN tunnel on ASA5505

The local network is 192.168.0.0 255.255.255.0, the remote network is 192.168.50.0 255.255.255.0.

The settings I was given were:

Phase1 -

Encryption: 3DES

Hash: SHA

DH: 1

Lifetime: 86400

Preshared Key:

Phase2 -

ESP Encryption 3DES

ESP Authentication

Lifetime 28800

The hash type for phase 2 was not specified (unless I am misunderstanding what I copied above), so I am guessing they either want None or SHA... but they won't give me an answer to that question. I have tried both without any luck.

After re-reading your message it occurs to me that the IP range they have for us on the remote end is probably 192.168.27.0 255.255.255.0. So that is probably one piece of the problem. However, I previously had the ASA in the 192.168.27.0 subnet and I had the exact same errors then, which leads me to believe that it is something with the encryption/hash settings.
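
The two phase 2 checks raised in this thread (mirrored encryption domains and a matching ESP transform), as an added example that is not part of the original posts. The peer's values are constructed assumptions: 192.168.27.0 is the poster's guess at what the remote end has configured, and the peer's ESP authentication is unknown, so SHA is assumed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network


@dataclass(frozen=True)
class Phase2:
    local_net: str       # "network mask" form, as written in the thread
    remote_net: str
    esp_encryption: str
    esp_auth: str        # "sha", "md5" or "none"


def _net(text):
    # Accept both "192.168.0.0 255.255.255.0" and "192.168.0.0/24".
    return ip_network("/".join(text.split()))


def phase2_mismatches(ours, peer):
    """List the reasons phase 2 would fail under a strict comparison."""
    problems = []
    # Encryption domains must mirror: our local network is the peer's remote.
    if _net(ours.local_net) != _net(peer.remote_net):
        problems.append(f"local network {ours.local_net} is not what the "
                        f"peer expects ({peer.remote_net})")
    if _net(ours.remote_net) != _net(peer.local_net):
        problems.append(f"remote network {ours.remote_net} is not the "
                        f"peer's local network ({peer.local_net})")
    # The ESP transform must agree on both encryption and authentication.
    if ours.esp_encryption.lower() != peer.esp_encryption.lower():
        problems.append("ESP encryption differs")
    if ours.esp_auth.lower() != peer.esp_auth.lower():
        problems.append("ESP authentication differs")
    return problems


# Our side, using the values posted in the thread.
OURS = Phase2("192.168.0.0 255.255.255.0", "192.168.50.0 255.255.255.0",
              "3des", "sha")
# Peer side: constructed for illustration (see the assumptions above).
PEER = Phase2("192.168.50.0 255.255.255.0", "192.168.27.0 255.255.255.0",
              "3des", "sha")

if __name__ == "__main__":
    renumbered = replace(OURS, local_net="192.168.27.0 255.255.255.0")
    for label, cfg in [("as configured", OURS),
                       ("local network renumbered", renumbered),
                       ("renumbered, no ESP auth",
                        replace(renumbered, esp_auth="none"))]:
        print(label, "->", phase2_mismatches(cfg, PEER) or "no mismatch")
```
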
