Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5505 Site-to-Site VPN not initializing

I have two ASA 5505 running 8.4 and I tried using the VPN wizard and using the CLI but i am not able to get the peers to initialze.  I have looked at other configs and am not seeing what is missing. I have tried packet tracking through the ASDM and its not even seeing the VPN tunnel and keeps trying to go out to the internet.  I have attached both configs for assistance.

  • VPN
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

ASA 5505 Site-to-Site VPN not initializing

I am glad that you figured out the problem and got the tunnel to initialize. Thanks for posting back to the forum and indicating what you found to be the problem and how you fixed it. This is a good reminder of the importance of making sure that the crypto map matches on both ends. Perhaps now you can mark this issue as solved and this would let other readers know that there is a solution to the problem here.

HTH

Rick

5 REPLIES
New Member

ASA 5505 Site-to-Site VPN not initializing

hello,

i think you must change the vpn-tunnel-protocol to IPSec.

"

...

group-policy GroupPolicy_X.X.X.X attributes

vpn-tunnel-protocol IPSec

...

"

Do you have any Error message in Syslog?

New Member

ASA 5505 Site-to-Site VPN not initializing

vpn-tunnel-protocol ikev1 is for IPSEC v1 and there is a v2 as well.  I am just trying to get phase one to connect and not able to do that.  Through the packet tracer on the ASDM i am not even seeing the packet try to go through the VPN tunnel at all, just trying to go over the internet access-list.

ASA 5505 Site-to-Site VPN not initializing

Hello,

Please change the nat statements and just put them back again without the route-lookup or the no-proxy-arp

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

ASA 5505 Site-to-Site VPN not initializing

This issue i found was with the crypto map.  one side was setup using IP and subnet and the other side was using OBJ and they was not seeing each other.  Once i changed both sides to match with IP and subnet the vpn tunnel came back up and it is working.

Hall of Fame Super Silver

ASA 5505 Site-to-Site VPN not initializing

I am glad that you figured out the problem and got the tunnel to initialize. Thanks for posting back to the forum and indicating what you found to be the problem and how you fixed it. This is a good reminder of the importance of making sure that the crypto map matches on both ends. Perhaps now you can mark this issue as solved and this would let other readers know that there is a solution to the problem here.

HTH

Rick

1408
Views
0
Helpful
5
Replies
This widget could not be displayed.