IPSEC VPN issue - ASA 5510 FW to Router

Hi

I have this issue: Phase 1 & 2 are confirmed and I see the crypto ipsec sa, but traffic is still failing.

On debug crypto isakmp 200, I am seeing the following message.

Received keep-alive of type DPD R-U-THERE-ACK

ASA 5510 cfg ios -

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 20.46.3.2 255.255.255.0
access-list mynetwork extended permit ip host 10.8.8.8 host 10.2.2.2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
crypto map intnet 10 match address mynetwork
crypto map intnet 10 set pfs
crypto map intnet 10 set peer 10.10.4.4
crypto map intnet 10 set transform-set cisco
crypto map intnet interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group 10.10.4.4 type ipsec-l2l
tunnel-group 10.10.4.4 ipsec-attributes
 pre-shared-key mypass123

Router

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key mypass123 address 20.46.3.2
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
ip access-list extended vpn
 permit ip host 10.2.2.2 host 10.8.8.8
!
crypto map cisco 10 ipsec-isakmp
 set peer 20.46.3.2
 set transform-set cisco
 set pfs group2
 match address vpn
!
interface FastEthernet0/0.104
 encapsulation dot1Q 104
 ip address 10.10.4.4 255.255.255.0
 crypto map cisco

Any suggestions?

Thanks

Nouaj
