I have a bunch of ASA 5505 boxes all over the place.
I recently had a new box up but I could not connect to it. all other asa5505 boxes are perfectly connectable.
The configurations I went through line by line are identical to the other boxes, with the exception of timezone not set and instaead of using crypto isakmp encrption aes, it is using aes-192, same sha hash group 2
I have double check the IP address, it is valid. the ip address is also pingable.
it is not the group password because the status don't go further than contacting security gateway in VPN client.
i check with the isp, they said that they do not share ipv4 address yet, and i have power cyled all equipments.
anyone have any suggestions i will appreciate it.
ps. in my configurations, i don't see any access-list to allow incoming udp port 500, even on the working boxes. so i assume asa auto unblocks it once you have a valid crypto map in place?
this problem was put in the queue of TAC and then escalated to a senior engineer.
when we ran the debug crypto isakmp we found the box was rejecting ipsec vpn due to no suitable key combination found. and then it was noted that the Ipsec vpn under windows 7 does not support aes-192. The connection will only work under aes-128 or aes-256
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...