I'm having an issue connecting the ASA at our office to one of our remote employees. I'm also not sure where the issue lies, as we've been through a handful of changes in the past few weeks, and I don't know for sure what corresponds to the trouble (it was working about 3 weeks ago).
Things that I know have happened:
Another remote employee left, leading me to delete the site-to-site settings for his network. Hopefully, I didn't delete something important to our remaining employee.
The remote user was having trouble getting his DHCP to renew with his ISP, so he did a firmware upgrade. Went from 188.8.131.52-tm to 1.3.13.02-tm. Apparently, the hardware itself was too old to run anything newer.
When the firmware upgrade started causing VPN issues, it was assumed that the router was dying (it's 3+ years old). This led to a new router purchase. The new router is running v4.0.4.02-tm. It also can't get the VPN running.
Another factor is that when the new router was connected, the ISP gave him a new IP address. I made the change (through telnet) to the IP. Still no luck.
My best guess is that the firmware upgrade did something - some new feature that prevents this from working properly. However, I'm trying to check all avenues.
I've tried doing a packet trace through my ASA ASDM interface, and it successfully got traffic to the other network. So, I think that the VPN's up, just not transmitting proper packets. I also get this when I do a "sh cry isa sa":
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: x.y.z.110
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
I've attached the config of the ASA, as well as some screen shots of the Linksys's VPN configuration.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :