In the output that you selected I see two messages that appear to be significant:
17-10-24 10:22:07 <3> ipsec: "IPsec_Tunnel_1" #172: received Hash Payload does not match computed value
If the computed value does not match the transmitted value then perhaps it indicates some issue in transmission. Can you successfully do a ping between the address used for the VPN to the interface on the peer used for the VPN?
17-10-24 10:22:39 <3> ipsec: "IPsec_Tunnel_1" #172: encrypted Informational Exchange message is invalid because no key is known
This suggests that there is not a key configured for the address of the peer. Can you post the config?
Thanks for the additional information and the config from the ASA. I see several potential issues.
- your ASA config does nat for all traffic going through the outside interface. This would include the VPN traffic. You probably need a nat for the VPN traffic that specifies that no translation be done for the VPN traffic.
- You have configured the VPN tunnel for both IKEv1 and IKEv2. It is not clear what the other end is doing. I am not sure whether it is an issue or not. My experience is that I have always configured a VPN for one or the other.
- your crypto access list indicates that the remote LAN is 192.168.10.0. Your crypto map indicates that the remote peer address is 192.168.10.1. That seems problematic for several reasons, most especially since you are using a public IP on the ASA interface it suggests that you are connecting to the Internet. But 192.168 addresses are not routable on the Internet.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...