
VPN between ASA 5510 and RV042

Dear all,

I am trying to configure a site-to-site VPN between my ASA 5510 8.2(5) and an RV042 router. All the parameters match (phase 1, phase 2, PFS, lifetimes...); however, the tunnel is not coming up.

Phase 1 is stuck at this stage:

10  IKE Peer: 178.135.62.122
    Type    : L2L             Role    : responder
    Rekey   : yes             State   : MM_ACTIVE_REKEY
11  IKE Peer: 178.135.62.122
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_REKEY_DONE_H2

When I try clearing the tunnel, it goes active for a while and then goes down again; no traffic flows through the tunnel.

Here is the ASA's VPN configuration:

Here is the ASA config, you can see the matching lifetimes, and pfs is disabled on the router:

crypto isakmp policy 2
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

crypto map mymap 170 match address cryptomap-UPM
crypto map mymap 170 set peer 178.135.62.122
crypto map mymap 170 set transform-set ESP-AES-256-SHA
crypto map mymap 170 set security-association lifetime seconds 86400

access-list cryptomap-UPM extended permit ip host 10.22.3.16 host 192.168.0.7

tunnel-group 178.135.62.122 type ipsec-l2l
tunnel-group 178.135.62.122 ipsec-attributes
 pre-shared-key *****
 isakmp keepalive threshold 10 retry 3

I attached screen shots of the configuration on the RV042 and the debug outputs from the ASA.

Your help is extremely appreciated!

Thank you,

Fabienne.
