Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ezvpn between asa 5520 and cisco 891w

Hello,

I am trying to establish a vpn session between an asa 5520 and cisco 891w.

The 5520 is a fully working vpn server (around 200 ipsec tunnels) and most of them are remote 5505 boxes (ezvpn)

for my new cisco 891, i did the ezvpn setup (group authentication, preshared key, username, password, peer ip)

and still got no luck, tunnel is still down

on the remote cisco 891w i am getting

Aug 15 17:41:23.670: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=cisco-hwvpn  Server_public_addr= ---.---.---.---

Aug 15 17:41:25.178: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at ---.---.---.---

Aug 15 17:41:33.154: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from ---.---.---.--- was not encrypted and it should've been. Aug 15 17:41:23.670: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=cisco-hwvpn  Server_public_addr=---.---.---.---
Aug 15 17:41:25.178: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at ---.---.---.---
Aug 15 17:41:33.154: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from ---.---.---.--- was not encrypted and it should've been.

---> ---.---.---.--- is the vpnserver (asa)

on the vpnserver 5520

real time log viewer shows repeated " duplicate phase 1 detected retransmitting last packet " "P1 Retransmit msg dispatched to AM FSM"

it look like i am still failing IKE phase 1

can you help on this ?

388
Views
0
Helpful
0
Replies
CreatePlease login to create content