Cisco Support Community
Community Member

Possible Version Issue between ASAs?


I was hoping someone could offer some type of advice.  I have a Site to Site VPN connection going and up until recenty we were connecting and pinging fine.  

Now, the other site has updated their ASA 5545 to Version 8.612 while our ASA 5540 still has Version 8.25.  Since their change we can not make a connection.

As of right now, we can not upgrade this ASA until a later date but I wanted to know if anyone else thought that the difference in versions could in fact be the issue?

I can say that all of our phases configs match as they did not change.  We are getting MSG6.  We have changed the PSK at least six times. So the difference in versions is all I can figure that could be causing the issue.

Any thoughts or ideas around this?

Everyone's tags (1)
Hall of Fame Super Silver

I've run remote access VPNs

I've run remote access VPNs between newer and older versions in many implementations. They are definitely compatible.

You can run into issues with offered IKE algorithms and such but if they're configured on both ASAs, you should get a Phase 1 assuming the PSK is correct.

Be sure to enter it the PSK and not paste it into a dialog box - I have seen that latter method cause what you know was in your clipboard correctly fail in practice. You can triple check by displaying the PSK in plain text from the cli via the "more system:running-config | i pre-shared" command

CreatePlease to create content