Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How do I create a VPN between a RV042 and an ASA5505?

I Posted this in the VPN section about a month ago, but haven't got a single reply. Perhaps I'll have better luck here:

I have a Cisco ASA 5505 and a Cisco/Linksys RV042. I would like to crerate a site to site VPN between them, and from what I've read it is possible. So I set up the connection on both routers but When I click on connect on the RV042 nothing happens. I've made sure that the encryption settings are the same on both routers but I can't get them to connect to each other. I think the problem may be with the RV042 as the ASA has other site to site VPN connections without any proble (although they are on other ASAs). I saw this thread https://supportforums.cisco.com/thread/2011045 but I'm not sure how to disable phase 2 on the RV042 or enable it on the ASA.

Any ideas what setting I need to change on either router to make the site to site work?

2 REPLIES
New Member

How do I create a VPN between a RV042 and an ASA5505?

THis is what shows up in the RV042 log when I try and connect the VPN:

Feb 21 13:30:42 2012VPN Log(g2gips0) #18: initiating Aggressive Mode #18, connection 'g2gips0'
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] >>> Initiator Send  Aggressive Mode 1st packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] >>> Initiator Send  Aggressive Mode 1st packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload [Cisco-Unity]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload [Cisco-Unity]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload [XAUTH]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload [XAUTH]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: received Vendor ID payload [Dead Peer Detection]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: received Vendor ID payload [Dead Peer Detection]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload  [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload  [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload [Cisco VPN 3000 Series]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring Vendor ID payload [Cisco VPN 3000 Series]
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] <<< Initiator Received  Aggressive Mode 2nd packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] <<< Initiator Received  Aggressive Mode 2nd packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: Peer ID is ID_FQDN: '@asa5505.com'
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: Peer ID is ID_FQDN: '@asa5505.com'
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] >>> Initiator send  Aggressive Mode 3rd packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] >>> Initiator send  Aggressive Mode 3rd packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA  Established
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA  Established
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: sent AI2, ISAKMP SA established
Feb 21 13:30:42 2012VPN Log(g2gips0) #19: initiating Quick Mode  PSK+ENCRYPT+AUTHENTICATE+TUNNEL+PFS+AGGRESSIVE {using isakmp#18}
Feb 21 13:30:42 2012VPN Log(g2gips0) #19: [Tunnel Negotiation Info] >>> Initiator send Quick  Mode 1st packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #19: [Tunnel Negotiation Info] >>> Initiator send Quick  Mode 1st packet
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: received Delete SA payload: deleting ISAKMP State #18
Feb 21 13:30:42 2012VPN Log(g2gips0) #18: received Delete SA payload: deleting ISAKMP State #18
Feb 21 13:30:49 2012VPN Log(g2gips0) #15: max number of retransmissions (2) reached STATE_QUICK_I1. No  acceptable response to our first Quick Mode message: perhaps peer likes no  proposal
Feb 21 13:30:49 2012VPN Log(g2gips0) #15: max number of retransmissions (2) reached STATE_QUICK_I1. No  acceptable response to our first Quick Mode message: perhaps peer likes no  proposal
Feb 21 13:30:49 2012VPN Log(g2gips0) #15: starting keying attempt 2 of an unlimited number
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: initiating Aggressive Mode #20, connection 'g2gips0'
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] >>> Initiator Send  Aggressive Mode 1st packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] >>> Initiator Send  Aggressive Mode 1st packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload [Cisco-Unity]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload [Cisco-Unity]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload [XAUTH]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload [XAUTH]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: received Vendor ID payload [Dead Peer Detection]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: received Vendor ID payload [Dead Peer Detection]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload  [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload  [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload [Cisco VPN 3000 Series]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring Vendor ID payload [Cisco VPN 3000 Series]
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] <<< Initiator Received  Aggressive Mode 2nd packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] <<< Initiator Received  Aggressive Mode 2nd packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: Peer ID is ID_FQDN: '@asa5505.mpe.ca'
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: Peer ID is ID_FQDN: '@asa5505.mpe.ca'
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] >>> Initiator send  Aggressive Mode 3rd packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] >>> Initiator send  Aggressive Mode 3rd packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA  Established
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA  Established
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: sent AI2, ISAKMP SA established
Feb 21 13:30:49 2012VPN Log(g2gips0) #21: initiating Quick Mode  PSK+ENCRYPT+AUTHENTICATE+TUNNEL+PFS+AGGRESSIVE {using isakmp#20}
Feb 21 13:30:49 2012VPN Log(g2gips0) #21: [Tunnel Negotiation Info] >>> Initiator send Quick  Mode 1st packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #21: [Tunnel Negotiation Info] >>> Initiator send Quick  Mode 1st packet
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Feb 21 13:30:49 2012VPN Log(g2gips0) #20: received Delete SA payload: deleting ISAKMP State #20
Silver

How do I create a VPN between a RV042 and an ASA5505?

HI,

Defiantly phase 2 isn’t negotiating - We don’t have a way to disable phase 2 on RV042. Looking at the logs and knowing other case with customers connecting to Cisco ASA5505 you’ll need to contact TAC for support on the ASA5505. This way they can verify all settings match correctly for your phase 2.Settings on the RV042 is very limited on what we can change or alter. 80% of the time the issue is with settings on ASA5505 and the other times customers didn’t have public IP address on their RV0xx model router which can case problems b/c we can’t specify our vendor payload like ASA5505 can.

IPSec connections for both phase 1 and phase 2 have to match identically for them to connect.

**Knowledge is Power**

        Jasbryan

3582
Views
5
Helpful
2
Replies
CreatePlease login to create content