Solved

VPN Tunnel ASA

Posted on 2008-06-25
Last Modified: 2011-04-01
I have set up several VPN tunnels in the past but I can't seem to get this one working. It is between an ASA 5520 on my end and an ASA 5510 on the other end. Everything looks right. I had the other engineer check some things on his end and they also seem right. The weird thing is we set the tunnel for 3DES/MD5 encryption and when I issue the command "sh isakmp sa detail" I get the following information for the tunnel. Any ideas why it would say the encryption is AES-256/SHA?

IKE Peer: x.x.x.x
    Type    : user            Role    : initiator
    Rekey   : no              State   : AM_WAIT_MSG2
    Encrypt : aes-256         Hash    : SHA      
    Auth    : preshared       Lifetime: 0
Question by:wilsj
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 21865151
Are you sure the crypto map matches at the other end?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 21865259
Also

>>AM_WAIT_MSG2

Somebody is in aggressive mode? By default Cisco negotiates in Main Mode like so..

hostname# show crypto isakmp sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 123.123.123.123
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE <<<<<<<<<<<<<<<<<<
0
 
LVL 3

Assisted Solution

by:AugustTen
AugustTen earned 50 total points
ID: 21865269
The IPSEC tunnel may use 3DES/MD5, it is hard to tell as you only show the ISAKMP attributes...

Can you post some more details?
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865285
That is one of the things I asked him to check but he says it is ESP-3des-md5. But could that be a reason it is showing up like that?


>>Somebody is in aggressive mode? by default Cisco negotiates in Main Mode like so..

Yeah, I changed to aggressive because his was set to aggressive.
0
 
LVL 57

Accepted Solution

by:Pete Long
Pete Long earned 450 total points
ID: 21865286
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865342
More details? What command would give you the information that you want to see, AugustTen?
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865437
Here is what I get when I issue the command "deb crypto isakmp 10"

lol before I paste I think I may have found the problem.
0
 
LVL 3

Expert Comment

by:AugustTen
ID: 21865458
Attach sanitized relevant parts of the configuration or run 'debug crypto isakmp' and 'debug crypto ipsec' and attach the output.
0
 
LVL 5

Author Comment

by:wilsj
ID: 21865486
Yeah, the problem was that he gave me the wrong Peer IP. I was able to find this out by issuing the deb crypto isakmp 10 command. It showed me trying to bring a tunnel up with one Peer and him trying to initiate another one with a different peer. Thanks for the help guys.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 21866091
:)

ThanQ
0
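The check that resolved this thread (a phase 1 SA stuck in AM_WAIT_MSG2 toward a peer address that was not the one the other side was using), as an added example that is not part of the original thread. It parses saved "sh isakmp sa detail" output in the layout quoted above; the sample text, the documentation-range addresses and the function names are constructed for illustration, and treating MM_ACTIVE and AM_ACTIVE as the established states is an assumption of the example.

```python
import re

# Constructed sample in the layout of the "sh isakmp sa detail" output quoted
# in the thread. Addresses are documentation-range placeholders.
SAMPLE = """\
1   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
    Encrypt : 3des            Hash    : MD5
    Auth    : preshared       Lifetime: 86400
2   IKE Peer: 198.51.100.7
    Type    : user            Role    : initiator
    Rekey   : no              State   : AM_WAIT_MSG2
    Encrypt : aes-256         Hash    : SHA
    Auth    : preshared       Lifetime: 0
"""

# Each output line carries one or two "Name : value" pairs.
FIELD = re.compile(r"(IKE Peer|Type|Role|Rekey|State|Encrypt|Hash|Auth|Lifetime)\s*:\s*(\S+)")
# Assumption: these two states mean phase 1 completed (main / aggressive mode).
ESTABLISHED = {"MM_ACTIVE", "AM_ACTIVE"}

def parse_isakmp_sas(text):
    """Split the output into one dict per 'IKE Peer' entry."""
    sas = []
    for line in text.splitlines():
        for key, value in FIELD.findall(line):
            if key == "IKE Peer":
                sas.append({})          # a new SA entry starts here
            if sas:                     # ignore summary lines before the first peer
                sas[-1][key] = value
    return sas

def audit(sas, agreed_peers):
    """Return (peer, problem) pairs for SAs that are not up or not to an agreed peer."""
    findings = []
    for sa in sas:
        peer, state = sa.get("IKE Peer"), sa.get("State")
        if peer not in agreed_peers:
            findings.append((peer, "peer address not in the agreed list"))
        if state not in ESTABLISHED:
            findings.append((peer, f"phase 1 not established (state {state})"))
    return findings

if __name__ == "__main__":
    agreed = {"192.0.2.10", "192.0.2.20"}   # constructed list of agreed peer IPs
    for peer, problem in audit(parse_isakmp_sas(SAMPLE), agreed):
        print(peer, "-", problem)
```
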
