Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Y W
Community Member

ASA IPsec VPN issues...

hello all,

I am getting the 412 remote peer not respond .

I have a bunch of ASA 5505 boxes all over the place.

I recently had a new box up but I could not connect to it. all other asa5505 boxes are perfectly connectable.

The configurations I went through line by line are identical to the other boxes, with the exception of timezone not set and instaead of using crypto isakmp encrption aes, it is using aes-192, same sha hash group 2

I have double check the IP address, it is valid. the ip address is also pingable.

it is not the group password because the status don't go further than contacting security gateway in VPN client.

i check with the isp, they said that they do not share ipv4 address yet, and i have power cyled all equipments.

anyone have any suggestions i will appreciate it.

ps. in my configurations, i don't see any access-list to allow incoming udp port 500, even on the working boxes. so i assume asa auto unblocks it once you have a valid crypto map in place?

1 REPLY
Y W
Community Member

ASA IPsec VPN issues...

this problem was put in the queue of TAC and then escalated to a senior engineer.

when we ran the debug crypto isakmp we found the box was rejecting ipsec vpn due to no suitable key combination found. and then it was noted that the Ipsec vpn under windows 7 does not support aes-192. The connection will only work under aes-128 or aes-256

closing this discussion.

194
Views
0
Helpful
1
Replies
CreatePlease to create content