Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC VPN issue - ASA 5510 FW to Router


I have this issue, Phase 1 & 2 confirmed and see the crypto ipsec sa, still traffic is failing.

On debug crypto isakmp 200, i am seeing the follow message.

Received keep-alive of type DPD R-U-THERE-ACK

ASA 5510 cfg ios -

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address

access-list mynetwork extended permit ip host host

crypto ipsec transform-set cisco esp-des esp-md5-hmac

crypto map intnet 10 match address mynetwork

crypto map intnet 10 set pfs

crypto map intnet 10 set peer

crypto map intnet 10 set transform-set cisco

crypto map intnet interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol IPSec l2tp-ipsec

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key mypass123


crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key mypass123 address


crypto ipsec transform-set cisco esp-des esp-md5-hmac


ip access-list extended vpn

permit ip host host


crypto map cisco 10 ipsec-isakmp

set peer

set transform-set cisco

set pfs group2

match address vpn


interface FastEthernet0/0.104

encapsulation dot1Q 104

ip address

crypto map cisco

Any suggestions?



CreatePlease login to create content