Linksys WRV210 to Cisco ASA 5510

I am attempting to connect a Linksys WRV210 to a Cisco ASA 5510 via an IPsec VPN tunnel. I see the initial Phase 1 come across, but it is saying there is a mismatch in the configuration. I know it's usually that one or more parameters are off, but both sides cannot be configured 'exactly' the same because of their difference in operating system builds.

Does anyone know of a walkthrough or configuration list to connect the Linksys WRV210 to a Cisco ASA 5510 via an IPsec VPN site-to-site tunnel?

Thanks in advance.
Asked:
AmericanBridge
 
arnold Commented:
The OS each device runs is not the issue.  Add the no xauth to the peer configuration on the ASA and see if that cures the problem.
Excluding public IPs and the passphrase, post the VPN policy you have on each one:
i.e.
ASA
LOCAL LAN:ASA_LAN
Remote LAN:WRV_LAN

Phase1:
Normal Mode
3des md5
group 1
PFS on
3600
Phase2:
3des MD5
Group1
28800

WRV:
LOCAL LAN: WRV_LAN
REMOTE LAN: ASA_LAN

Phase1
Main Mode
3des md5
group1
PFS on
3600
Phase 2:
3des md5
group1
28800

etc.
0
 
AmericanBridge (Author) Commented:
ASA 5510 configuration

object-group network NYTEST
 description NYTEST
 network-object 172.28.128.0 255.255.255.0

access-list nonat extended permit ip object-group Headquarters object-group NYTEST

crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set pfs
crypto map outside_map 40 set peer 71.236.76.13
crypto map outside_map 40 set transform-set 3DES ESP-3DES-SHA
crypto map outside_map 40 set security-association lifetime seconds 28800
crypto map outside_map 40 set security-association lifetime kilobytes 4608000

tunnel-group 71.236.76.13 type ipsec-l2l
tunnel-group 71.236.76.13 general-attributes
tunnel-group 71.236.76.13 ipsec-attributes
 pre-shared-key *
 isakmp keepalive disable


Linksys WRV210 configuration
(See attached file)
0
 
AmericanBridge (Author) Commented:
Attached file
1.JPG
0
 
arnold Commented:
I am not sure whether group2 is the default.  This might be where the mismatch is.
You are also setting an expiration based on the amount of data transmitted, which is not set up on the WRV.  This might not be an issue.
ESP-3DES-SHA on the Cisco while on the WRV you have ESP-3des-md5.
0
 
AmericanBridge (Author) Commented:
Well, I messed around with the encryption and DH groups and came out on top. The Linksys is very picky about the remote LAN IP address and subnet, whereas the ASA will accept a more open subnet that includes the remote LAN IP address and subnet.
0
 
cokolowitz Commented:
The IP subnet listed under the Remote Server Group on the Linksys needs to match what you have under the crypto map <...> match address on the ASA or the Linksys will not complete phase 2 of the tunnel.
0
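
An added example (not from the thread or from either vendor): a small Python check that diffs the two peers' Phase 1 and Phase 2 proposals and verifies that the traffic selectors mirror each other exactly, the two causes identified in the replies above. The dictionary layout, the function name and every sample value other than those quoted in the thread are assumptions.

```python
import ipaddress

# Constructed sample policies. Only the ASA's 3DES/SHA transform set, the
# WRV's 3DES/MD5, the 28800 s lifetime and the 172.28.128.0/24 network come
# from the thread; every other value is a placeholder for illustration.
ASA = {
    "phase1": {"encryption": "3des", "hash": "sha", "dh_group": 2, "lifetime": 86400},
    "phase2": {"encryption": "3des", "hash": "sha", "pfs_group": 2, "lifetime": 28800},
    "local_net": "10.0.0.0/16",       # placeholder for the Headquarters group
    "remote_net": "172.28.128.0/24",  # NYTEST
}
WRV = {
    "phase1": {"encryption": "3des", "hash": "md5", "dh_group": 1, "lifetime": 86400},
    "phase2": {"encryption": "3des", "hash": "md5", "pfs_group": 1, "lifetime": 28800},
    "local_net": "172.28.128.0/24",
    "remote_net": "10.0.0.0/24",      # narrower than the ASA's local side
}

def compare_policies(a, b):
    """Return a list of (field, value_a, value_b) tuples that differ."""
    diffs = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                diffs.append((f"{phase}.{key}", va, vb))
    # Traffic selectors must mirror each other: A's local is B's remote.
    for side_a, side_b in (("local_net", "remote_net"), ("remote_net", "local_net")):
        na = ipaddress.ip_network(a[side_a])
        nb = ipaddress.ip_network(b[side_b])
        if na != nb:
            relation = "overlapping" if na.overlaps(nb) else "disjoint"
            diffs.append((f"selector.{side_a} ({relation})", str(na), str(nb)))
    return diffs

if __name__ == "__main__":
    for field, asa_val, wrv_val in compare_policies(ASA, WRV):
        print(f"MISMATCH {field}: ASA={asa_val} WRV={wrv_val}")
```

An "overlapping" selector result is the case described in the thread: one side is configured with a wider subnet that contains the other side's network, which the Linksys does not accept.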
