09-25-2008 09:08 PM - edited 02-21-2020 03:57 PM
Hey everyone,
This is my first attempt at setting up a VPN with Cisco router and I am running into some trouble.
We have been provided values for our end of the tunnel, but the company on the other side will not provide any help what so ever in setting it up.
I have the ASA 5505 up and running as a router, and I attempted to create the VPN using the VPN wizard with the values I was given. However, once I do so I can't seem to get the tunnel to actually connect.
Since this is my first attempt at setting up a VPN using a cisco router I certainly can't rule out the possibility that I am doing something stupid.. Hopefully someone here can point out what it might be. :)
I've attached an excerpt of the asa5505's log, and the asa5505's running configuration.
09-26-2008 12:13 AM
Your issue is with the phase 2 (IPSEC) Encryption and Hash negotiation, possibly the encryption domains local and remote.
What did the remote end give you for these settings?
Have you got the remote end IP range correct.
You have specificed 192.168.0.0 255.255.255.0 as you encryption domain - is this correct, what did you specific this to be to the remote end?
HTH>
09-26-2008 08:04 AM
The local network is 192.168.0.0 255.255.255.0, the remote network is 192.168.50.0 255.255.255.0.
The settings I was given were:
Phase1 -
Encryption: 3DES
Hash: SHA
DH: 1
Lifetime: 86400
Preshared Key:
Phase2 -
ESP Encryption 3DES
ESP Authentication
Lifetime 28800
The hash type for phase2 was not specified (unless I am misunderstanding what I copied above), so I am guessing they either want None or SHA.. but they won't give me an answer to that question. I have tried both without any luck.
After re-reading your message it occurs to me that the IP range they have for us on the remote end is probably 192.168.27.0 255.255.255.0. So that is probably one piece of the problem. However, I previously had the asa in the 192.168.27.0 subnet and I had the exact same errors then, which leads me to believe that it is something with the encryption/hash settings.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: