Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VPN Tunnel ASA

Posted on 2008-06-25
10
Medium Priority
?
2,339 Views
Last Modified: 2011-04-01
I have set up serveral VPN tunnels in the past but I can't seem to get this one working. It is between a ASA 5520 on my end and a ASA 5510 on the other end. Every thing looks right. I had the other engineer check some things on his end and they also seem right. The weird thing is we set the tunnel for 3DES/MD5 encryption and when I issue the command "sh isakmp sa detail" I get the following information for the tunnel. Any ideas why it would say the encryption is AES-256/SHA?

IKE Peer: x.x.x.x
    Type    : user            Role    : initiator
    Rekey   : no              State   : AM_WAIT_MSG2
    Encrypt : aes-256         Hash    : SHA      
    Auth    : preshared       Lifetime: 0
0
Comment
Question by:wilsj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 21865151
Are you sure the crypto map matches at the other end?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 21865259
Also

>>AM_WAIT_MSG2

Somebody is in aggressive mode? by default Cisco negotiates in Main Mode like so..

hostname# show crypto isakmp sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 123.123.123.123
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE <<<<<<<<<<<<<<<<<<
0
 
LVL 3

Assisted Solution

by:AugustTen
AugustTen earned 200 total points
ID: 21865269
The IPSEC tunnel may use 3DES/MD5, it is hard to tell as you only show the ISAKMP attributes...

Can you post some more details?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 5

Author Comment

by:wilsj
ID: 21865285
That is one of the things I asked him to check but he says it is ESP-3des-md5. But could that be a reason it is showing up like that?


>>Somebody is in aggressive mode? by default Cisco negotiates in Main Mode like so..

Yeah I changed to aggresive because his was set to aggresive.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 1800 total points
ID: 21865286
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865342
More details? what command would give you the information that you want to see Augusten?
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865437
here is what I get when I issue the command "deb crytpo isakmp 10"

lol before I paste I think I may have found the problem.
0
 
LVL 3

Expert Comment

by:AugustTen
ID: 21865458
Attach sanitized relevant parts of the configuration or run 'debug crypto isakmp' and 'debug crypto ipsec' and attach the output.
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865486
yeah the problem was that he gave me the wrong Peer IP. I was able to find this out issuing the deb crypto isakmp 10 command. It showed me trying to bring a tunnel up with one Peer and him trying to initiate another one with a different peer. Thanks for the help guys.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 21866091
:)

ThanQ
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question