I'm looking to get a remote office RV220W connected to my ASA5510. I have several PIX 501 and ASA5505's connected to the ASA5510.
I've setup everthing similar that I can think of though I'm still not connecting.
Exchange mode: Aggressive (for using FQDN Ident)
Remotes are all DHCP, so setup Local Identifier on RV220W as FQDN and typed in a FQDN for the remote RV220W. That is the same name I used for the Tunnel-Group on the ASA. Remote is IP, ASA is setup to send IP for Ident.
3DES, SHA, DH2, 28800
Auto Policy, Remote Endpoint IP
SA-Lifetime: 86400, 3DES, SHA-1, PFS Enabled, DH2
Below is the Log from the RV220W. The line that stuck out to me was:
The SA-Lifetimes were reversed. I had the 28800 swapped with the 86400 lifetime.
PFS was Ticked, it should have been unchecked.
Though the most crutial mistake was using GMT-8 Pacific Standard Time for the Timezone setting. I'm running software version 22.214.171.124 and the timezone GMT-8 Pacific Standard Time seems to really be -16, not -8. Switching to GMT -8 Pitcairn Island Time Lead me to the finding the SA Lifetime issues.
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
** Update **These and a number of other issues have been addressed in
SRP520 MR3. Please see https://supportforums.cisco.com/docs/DOC-13853
for details on how to access this code.There have been a number of
reports of the SRP500 becoming unresponsive afte...
STANDARDSOURCECOMMENTSEthernet RJ-45 connector pin number12345678IEEE
802.3afusing data pairsRXDC+RXDC+TXDC-sparespareTXDC-sparespareIndustry
Standard for Embedded POE(used by Cisco Catalyst Switches)IEEE
802.3afusing spare pairs RXRXTXDC+DC+TXDC-DC-Indus...