Cisco ASA site-to-site VPN not initiating phase 1 (not sending UDP 500 packets)
Posted by Sean Steadman on Server Fault
Published on 2012-10-26T20:25:55Z
I am hoping someone here can help me with my problem.
I am trying to set up an IPsec site-to-site VPN between two Cisco ASA 5520s in GNS3 (both using 8.4.2). I have been unsuccessful in getting the tunnel up, and it appears neither ASA is sending packets out in regard to phase 1 and phase 2 (tested by using Wireshark and seeing NO UDP 500 packets). Doing show ipsec sa and such shows nothing.
CALIFORNIA(config)# show ipsec sa
There are no ipsec sas
FLA-ASA# show ipsec sa
There are no ipsec sas
I will attach both configurations in two different pastebin files so as to keep this post a bit cleaner.
Essentially California side has 172.20.1.0/24 and Florida side has 10.10.10.0/24.
California ASA config: http://pastebin.com/v0pngYzF
Florida ASA config: http://pastebin.com/E2geybta
Please let me know if there is any other vital information that could help. I have gotten IPsec tunnels to work using Openswan (Linux) and Cisco routers but cannot for the life of me get ASA IPsec tunnels to work. The ASDM is out of the question; I only use the CLI. Thanks for any useful help!
© Server Fault or respective owner