Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
2
Replies

Unable to create a VPN tunnel on ASA5505

bradfaler
Level 1
Level 1

‎09-25-2008 09:08 PM - edited ‎02-21-2020 03:57 PM

Hey everyone,

This is my first attempt at setting up a VPN with Cisco router and I am running into some trouble.

We have been provided values for our end of the tunnel, but the company on the other side will not provide any help what so ever in setting it up.

I have the ASA 5505 up and running as a router, and I attempted to create the VPN using the VPN wizard with the values I was given. However, once I do so I can't seem to get the tunnel to actually connect.

Since this is my first attempt at setting up a VPN using a cisco router I certainly can't rule out the possibility that I am doing something stupid.. Hopefully someone here can point out what it might be. :)

I've attached an excerpt of the asa5505's log, and the asa5505's running configuration.

Labels:
Preview file
2 KB
Preview file
4 KB
0 Helpful
2 Replies 2

andrew.prince
Level 10
Level 10

‎09-26-2008 12:13 AM

Your issue is with the phase 2 (IPSEC) Encryption and Hash negotiation, possibly the encryption domains local and remote.

What did the remote end give you for these settings?

Have you got the remote end IP range correct.

You have specificed 192.168.0.0 255.255.255.0 as you encryption domain - is this correct, what did you specific this to be to the remote end?

HTH>

0 Helpful

bradfaler
Level 1
Level 1
In response to andrew.prince

‎09-26-2008 08:04 AM

The local network is 192.168.0.0 255.255.255.0, the remote network is 192.168.50.0 255.255.255.0.

The settings I was given were:

Phase1 -

Encryption: 3DES

Hash: SHA

DH: 1

Lifetime: 86400

Preshared Key:

Phase2 -

ESP Encryption 3DES

ESP Authentication

Lifetime 28800

The hash type for phase2 was not specified (unless I am misunderstanding what I copied above), so I am guessing they either want None or SHA.. but they won't give me an answer to that question. I have tried both without any luck.

After re-reading your message it occurs to me that the IP range they have for us on the remote end is probably 192.168.27.0 255.255.255.0. So that is probably one piece of the problem. However, I previously had the asa in the 192.168.27.0 subnet and I had the exact same errors then, which leads me to believe that it is something with the encryption/hash settings.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents