Cisco Support Community
site to site VPN on ASA5510

I am creating a site to site VPN on my ASA5510.

When I run

sh crypto isakmp sa 

I am getting the below message

Active SA: 1

    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)

Total IKE SA: 1

1   IKE Peer: 168.167.98.187

    Type    : user            Role    : initiator

    Rekey   : no              State   : MM_WAIT_MSG2

What could be the issue?

3 REPLIES
site to site VPN on ASA5510

Hi,

It means your ASA has sent the initial message for the VPN negotiation and has not received any reply.

Reasons might be

  • Something on your side is blocking the negotiation in front of the ASA. If you have other VPN connections this isn't very likely naturally
  • Something on the remote end is blocking the negotiation from reaching the remote end
  • Something on the remote end is blocking the negotiation reply from reaching your device
  • The remote end has not configured its VPN setting properly. I would imagine this might be the most likely reason

The above are at least some reasons.

Ask the remote end to confirm that they have VPN configurations related to your ASA's peer IP.

Hope this helps

Please do remember to mark the reply as the correct answer if it answered your question.

Naturally ask more if needed

- Jouni

site to site VPN on ASA5510

Jouni

  • Something on your side is blocking the negotiation in front of the ASA.  If you have other VPN connections this isn't very likely naturally

Of course I do have other VPN connections. I have removed them but am still seeing the same message. I will check with the remote end as suggested.

site to site VPN on ASA5510

Hi,

No need to remove any VPN configuration on your part. They shouldn't be related to this issue.

If the output of the above command is always the same when generating traffic for the L2L VPN connection, then it would seem there is something wrong between your VPN devices or at the remote end VPN device, as it's not replying.

Let us know when you hear from the remote site.

- Jouni
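
The check described in the reply above (the same MM_WAIT_MSG2 output every time traffic is generated), as an added example that is not part of the original thread: a Python script that parses several snapshots of `sh crypto isakmp sa` and lists peers that stay in initiator / MM_WAIT_MSG2 across all of them. The second peer (192.0.2.10), its field values and the function names are constructed for illustration.

```python
import re

# Constructed sample: two snapshots of `sh crypto isakmp sa`, taken while
# traffic for the L2L tunnel was being generated. The first peer block matches
# the output in the question; 192.0.2.10 is a made-up documentation address.
SNAPSHOT_1 = """\
Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 168.167.98.187
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
2   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""
SNAPSHOT_2 = SNAPSHOT_1  # constructed: nothing changed between the samples

PEER_RE = re.compile(r"^\s*\d+\s+IKE Peer:\s*(\S+)", re.M)
FIELD_RE = re.compile(r"(Type|Role|Rekey|State)\s*:\s*(\S+)")


def parse_isakmp_sa(text):
    """Return {peer_ip: {"Type": ..., "Role": ..., "Rekey": ..., "State": ...}}."""
    peers = {}
    matches = list(PEER_RE.finditer(text))
    for i, m in enumerate(matches):
        # A peer's fields run from its "IKE Peer" line to the next peer entry.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        peers[m.group(1)] = dict(FIELD_RE.findall(text[m.end():end]))
    return peers


def stuck_initiators(snapshots, state="MM_WAIT_MSG2"):
    """Peers that are initiator and in `state` in every snapshot (no reply seen)."""
    parsed = [parse_isakmp_sa(s) for s in snapshots]
    if not parsed:
        return []
    return [peer for peer in parsed[0]
            if all(p.get(peer, {}).get("Role") == "initiator"
                   and p.get(peer, {}).get("State") == state for p in parsed)]


if __name__ == "__main__":
    for peer in stuck_initiators([SNAPSHOT_1, SNAPSHOT_2]):
        print(f"{peer}: first IKE message sent, no reply received; check the "
              "path for blocking and the remote end's VPN config for our peer IP")
```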
