Cisco ASA site-to-site vpn not initiating phase 1 (not sending udp 500 packets)

Posted by Sean Steadman on Server Fault See other posts from Server Fault or by Sean Steadman
Published on 2012-10-26T20:25:55Z Indexed on 2013/11/04 10:00 UTC
Read the original article Hit count: 261

Filed under:
|
|
|
|

I am hoping someone here can help me with my problem.

I am trying to setup an IPSEC site-to-site VPN between two cisco ASA 5520's in GNS3 (both using 8.4.2). I have been unsuccesful in getting the tunnel up and it appears neither ASA is sending packets out,in regards to phase 1 and phase 2 (tested by using wireshark and seeing NO udp 500 packets). Doing show ipsec sa and such shows nothing.

CALIFORNIA(config)# show ipsec sa

There are no ipsec sas

FLA-ASA# show ipsec sa

There are no ipsec sas

I will attach both configurations in two different pastebin files as to keep this post a bit cleaner.

Essentially California side has 172.20.1.0/24 and Florida side has 10.10.10.0/24.

California ASA config: http://pastebin.com/v0pngYzF

Florida ASA config: http://pastebin.com/E2geybta

Please let me know if there is any other vital information that could help. I have gotten IPSEC tunnels to work using openSwan (linux) and cisco routers but cannot for the life of me get ASA IPSEC tunnels to work. The ASDM is out of the question I only use cli. Thanks for any useful help!

© Server Fault or respective owner

Related posts about networking

Related posts about vpn