Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Verizon DSL VPN problems

Did Verizon DSL (East coast / USA) change VPN practices or filtering today?

We have 4 site-to-site IPSec VPN tunnels up all the time, and today our tunnel to a Verizon DSL endpoint (ASA-5505) will not connect!  This is very frustrating.  Of course Verizon does not "support" VPN tunneling on their DSL, but it has worked fine in the past.  Nothing changed in any configs.  Other 3 VPNs are working fine, but none of the other endpoints are Verizon.

The VPN structure is ASA to ASA so there is no complexity in hardware brands, etc.  Phase 1 will not complete.  Using pre-share/3des/sha/dh1, like we always have.

Thank you!  Hopefully someone else has seen this.



Re: Verizon DSL VPN problems

Hey Michael,

Can you please attach the follwoing debugs from ASA--

debug crypto isakmp 127

debug crypto ipsec 127



Community Member

Re: Verizon DSL VPN problems

There is nothing to debug now since the tunnel came back up, after about 6 hours down.

At the time, a show crypto isakmp sa would return...

On one end, state MM_WAIT_MSG2

On the other, state MM_WAIT_MSG3

So to me that suggested one side would send the initial comm, it would get received by the other side which would send it back, then be waiting for step 3.  The original side never gets the step 2 msg and so it doesn't complete.  From what I could read on various forums, this suggested some sort of intermittent routing as a possible cause, and seeing as Verizon just fixed it themselves, it might have been a Verizon routing problem.  Tho they won't confirm it was, and their routing tests showed there was no problem.

Thank you for giving it some thought tho!


Re: Verizon DSL VPN problems

Thanks for the reply!!

Yes you are right, our side sent the traffic, it was recieved at verizon end, they also responded but that never came back to us. It  can be due to routing or might be some other blockage on transitioning path.

I am glad that this issue is resolved now

Appreciate your time.


CreatePlease to create content