Cisco Support Community

VPN between ASA 5510 and RV042

Dear all,

I am trying to configure a site-to-site VPN between my ASA 5510 8.2(5) and an RV042 router. All the parameters match (phase 1, phase 2, PFS, lifetimes...); however, the tunnel is not coming up.

Phase 1 is stuck at this stage:

10  IKE Peer:
    Type    : L2L             Role    : responder
    Rekey   : yes             State   : MM_ACTIVE_REKEY

11  IKE Peer:
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_REKEY_DONE_H2

When I try clearing the tunnel, it goes active for a while and then goes down again; no traffic flows through the tunnel.

Here is the ASA's VPN configuration:

Here is the ASA config; you can see the matching lifetimes, and PFS is disabled on the router:

crypto isakmp policy 2
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

crypto map mymap 170 match address cryptomap-UPM
crypto map mymap 170 set peer
crypto map mymap 170 set transform-set ESP-AES-256-SHA
crypto map mymap 170 set security-association lifetime seconds 86400

access-list cryptomap-UPM extended permit ip host host

tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *****
 isakmp keepalive threshold 10 retry 3

I attached screenshots of the configuration on the RV042 and the debug outputs from the ASA.

Your help is extremely appreciated!

Thank you,

