Cisco Support Community
Community Member

ASA 5510 VPN with remote dual wan

I pretty much use the ASDM for configuring our pair of ASA 5510 and i'm having an issue with the site-to-site VPN's that I setup.

Basically the remote site has a Sonicwall that has dual WAN. Each WAN is configured and so is the VPN tunnel which is bound to "ZONE WAN" which means both of the WAN links.

It seems to cause problems when it fails over and I will get mesasges like: "IKE Initiator unable to find policy dual wan"

Based on my research this is beacuse there is another VPN connection profile using the same Remote Network but has a different peer IP. Well thats the thing is I want there to be two points for the VPN because when the remote Sonicwall fails over it will be coming from another external IP.

So under connectino profiles in ASDM it is like this:, outside, (local network), network), outside, (local network), network) being the Sonicwall's primary IP and being the secondary IP.

Do I have this configured incorrectly and this is why I am running into these problems or better yet is there a better way to configure this?

Community Member

ASA 5510 VPN with remote dual wan

I think I got this figured out.

Instead of adding two connection profiles I only add one. Then I find the crypto map that it generated and open it up then place the second peer IP in the list for that crypto map.

I am using bidirectional and it seems to be working

Community Member

ASA 5510 VPN with remote dual wan

Ok I don't think it is working properly.

Basically when the remote site fails over to the backup internet the VPN won't establish. I see this on the Cisco ASA 5510 when the backup internet is activated: "Xauth required but selected Proposal does not support xauth"

Here is what I have setup:

Main Side:

Cisco ASA 5510

One connection profile configured with the primary external IP of the branch location

On the crypto map that was generated with the connection profile it is set to bidirectional and I added the backup internet IP to the list of peer IP's

Branch Side:

Sonicwall NSA240

VPN is set to point to the ASA 5510 IP address

The vpn is bound to "ZONE WAN" for the interface

It is set using Main Mode with the password

What am I missing or what do I need to do to make this work properly?

Community Member

ASA 5510 VPN with remote dual wan

The exact message on the Cisco ASA 5510:

XAuth required b ut selected Proposal does not support xauth, Check priorities of ike xauth proposals in ike proposal

QM FSM error (P2 struct &0xb4be2628, mess is 0xc54f7ba1)!

Removing peer from correlator table failed, no match!

CreatePlease to create content