I've been attempting to create a site-to-site VPN between a pair of SA 540 and SA 520 devices, both running the 1.1.42 firmware.
Because the SA 540 is being used at our main office, we had a dedicated internet connection installed just to handle the VPN connection.
The current configuration looks like this:
WAN Port: a.a.a.a
Optional Port: b.b.b.b
LAN Port: c.c.c.c
WAN Port: d.d.d.d
LAN Port: e.e.e.e
I used the VPN wizard to create a site-to-site VPN connection as per the documentation, and I set the optional port mode to load-balance the connections at the main office, with all the typical services we use explicitly bound to the WAN Port. However, this was causing frequent short outages for general internet use at the office and I had to disable it for the interim.
While it was configured, neither of the devices would initiate a connection with the following log entries on both sides (this is from the remote office):
2010-06-22 15:57:33: INFO: Using IPsec SA configuration: e.e.e.e/24<->c.c.c.c/24
2010-06-22 15:57:33: INFO: Configuration found for b.b.b.b.
2010-06-22 15:57:33: INFO: Initiating new phase 1 negotiation: d.d.d.d<=>b.b.b.b
2010-06-22 16:01:24: ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP b.b.b.b->d.d.d.d
Has anyone been able to get this kind of configuration working between two SA devices? I have read several posts regarding the above log and the units needing to be power-cycled to connect successfully, but I'm not sure if that still applies to the 1.1.42 firmware and it didn't help to resolve my issue at all.
This is regarding your site-to-site VPN connection. With the description posted on the support community we are unable to reproduce the issue you are seeing. Can you please send us the router configurations so that we can try them in our labs - you can send directly to me. Please change your passwords before sending to us.
Please save the file and send it to us. Please note this file will contain your passwords in clear text, so please change them before sending it over. Also you can send over to me through private email / message if you are not comfortable posting it here.
Please do send the network topology - this is just to make sure that we do the exact setup as yours.
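An added example, not part of the original posts or of Cisco's tooling: a small Python parser for log lines in the format quoted in the first post, pairing each "Initiating new phase 1 negotiation" entry with the later "time up waiting for phase1" error for the same address pair and reporting how long the tunnel waited. The sample log is constructed with documentation-range addresses, and the function name and the optional "[port]" suffix handling are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log lines quoted in the thread;
# addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
2010-06-22 15:57:33: INFO: Using IPsec SA configuration: 10.0.2.0/24<->10.0.1.0/24
2010-06-22 15:57:33: INFO: Configuration found for 198.51.100.2.
2010-06-22 15:57:33: INFO: Initiating new phase 1 negotiation: 192.0.2.10<=>198.51.100.2
2010-06-22 16:01:24: ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP 198.51.100.2->192.0.2.10
2010-06-22 16:05:00: INFO: Initiating new phase 1 negotiation: 192.0.2.10<=>203.0.113.7
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): (.*)$")
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\[\d+\])?"  # IPv4, optional [port] (assumption)
INIT = re.compile(r"Initiating new phase 1 negotiation: " + ADDR + r"<=>" + ADDR)
FAIL = re.compile(r"Phase 2 negotiation failed due to time up waiting for phase1\. ESP "
                  + ADDR + r"->" + ADDR)


def stalled_phase1(log_text):
    """Return phase 1 attempts that ended in a 'time up waiting for phase1' error."""
    pending, stalled = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not timestamped log entries
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        init = INIT.search(msg)
        if init:
            local, remote = init.groups()
            # Key on the unordered pair: the error line lists the peers reversed.
            # setdefault keeps the first attempt if the initiation is retried.
            pending.setdefault(frozenset((local, remote)), (when, local, remote))
            continue
        fail = FAIL.search(msg)
        if fail and frozenset(fail.groups()) in pending:
            started, local, remote = pending.pop(frozenset(fail.groups()))
            stalled.append({"local": local, "remote": remote,
                            "waited_s": int((when - started).total_seconds())})
    return stalled


if __name__ == "__main__":
    for entry in stalled_phase1(SAMPLE_LOG):
        print(entry)
```

An initiation with no matching error, like the second peer in the sample, is left out of the result because the log does not show it timing out.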