Linksys WRV210 to Cisco ASA 5510

I am attempting to connect a Linksys WRV210 to a Cisco ASA 5510 via IPsec VPN tunnel. I see the initial Phase 1 come across but it is saying there is a mismatch in the configuration. I know it's usually that one or more parameters are off, but both sides cannot be configured 'exactly' the same because of their difference in operating system builds.

Does anyone know of a walkthrough or configuration list to connect the Linksys WRV210 to a Cisco ASA 5510 via IPsec VPN site-to-site tunnel?

Thanks in advance.
AmericanBridgeAsked:
 
arnoldCommented:
I am not sure whether group2 is the default.  This might be where the mismatch is.
You are also setting an expiration based on the amount of data transmitted, which is not set up on the WRV.  This might not be an issue.
ESP-3DES-SHA on the Cisco while on the WRV you have ESP-3des-md5.
0
 
arnoldCommented:
The OS each device runs is not the issue.  Add the no xauth to the peer configuration on the ASA and see if that cures the problem.
Excluding public IPs and the passphrase, post the VPN policy you have on each one:
i.e.
ASA
LOCAL LAN:ASA_LAN
Remote LAN:WRV_LAN

Phase1:
Normal Mode
3des md5
group 1
PFS on
3600
Phase2:
3des MD5
Group1
28800

WRV:
LOCAL LAN: WRV_LAN
REMOTE LAN: ASA_LAN

Phase1
Main Mode
3des md5
group1
PFS on
3600
Phase 2:
3des md5
group1
28800

etc.
0
 
AmericanBridgeAuthor Commented:
ASA 5510 configuration

object-group network NYTEST
 description NYTEST
 network-object 172.28.128.0 255.255.255.0

access-list nonat extended permit ip object-group Headquarters object-group NYTEST

crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set pfs
crypto map outside_map 40 set peer 71.236.76.13
crypto map outside_map 40 set transform-set 3DES ESP-3DES-SHA
crypto map outside_map 40 set security-association lifetime seconds 28800
crypto map outside_map 40 set security-association lifetime kilobytes 4608000

tunnel-group 71.236.76.13 type ipsec-l2l
tunnel-group 71.236.76.13 general-attributes
tunnel-group 71.236.76.13 ipsec-attributes
 pre-shared-key *
 isakmp keepalive disable


Linksys WRV210 configuration
(See attached file)
0
 
AmericanBridgeAuthor Commented:
Attached file
1.JPG
0
 
AmericanBridgeAuthor Commented:
Well, I messed around with the encryption and DH groups and came out on top. The Linksys is very picky about remote LAN IP address and subnet, whereas the ASA will accept a more open subnet that includes the remote LAN IP address and subnet.
0
 
cokolowitzCommented:
The IP subnet listed under the Remote Server Group on the Linksys needs to match what you have under the crypto map <...> match address on the ASA or the Linksys will not complete phase 2 of the tunnel.
0
Question has a verified solution.
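
The mismatches raised in this thread (Phase 2 hash, the kilobyte lifetime, and traffic selectors that overlap without being identical) can be checked side by side before bringing the tunnel up. The script below is an added example, not from any participant in the thread; the field names, the 10.x networks and the WRV PFS and lifetime values are assumptions made for illustration.

```python
import ipaddress

# Proposal fields both peers must set identically for negotiation to succeed.
STRICT = ("p1_encryption", "p1_hash", "p1_dh_group",
          "p2_encryption", "p2_hash", "pfs")
# Lifetime differences are reported as notes; the thread treats them as possibly harmless.
ADVISORY = ("p1_lifetime_s", "p2_lifetime_s", "p2_lifetime_kb")

def net(text):
    """Accept both '172.28.128.0 255.255.255.0' (ASA style) and CIDR notation."""
    return ipaddress.ip_network("/".join(text.split()))

def selector_findings(a, b):
    """Each peer's local network must equal the other peer's remote network."""
    out = []
    for mine, theirs in (("local_net", "remote_net"), ("remote_net", "local_net")):
        x, y = net(a[mine]), net(b[theirs])
        if x != y:
            kind = "overlap-not-exact" if x.overlaps(y) else "disjoint"
            out.append(("mismatch", f"{mine}/{theirs}", f"{x} vs {y} ({kind})"))
    return out

def audit(a, b):
    """Return (severity, field, detail) for every difference between two peers.
    A field absent from both policies is skipped (None == None)."""
    findings = []
    for key in STRICT + ADVISORY:
        if a.get(key) != b.get(key):
            sev = "mismatch" if key in STRICT else "note"
            findings.append((sev, key, f"{a.get(key)!r} vs {b.get(key)!r}"))
    return findings + selector_findings(a, b)

# Constructed sample policies. Phase 2 hash, lifetimes and 172.28.128.0 come from
# the thread; the 10.x networks and the WRV PFS/lifetime values are placeholders.
ASA = {"p2_encryption": "3des", "p2_hash": "sha", "pfs": True,
       "p2_lifetime_s": 28800, "p2_lifetime_kb": 4608000,
       "local_net": "10.0.0.0 255.0.0.0",
       "remote_net": "172.28.128.0 255.255.255.0"}
WRV = {"p2_encryption": "3des", "p2_hash": "md5", "pfs": True,
       "p2_lifetime_s": 28800, "p2_lifetime_kb": None,
       "local_net": "172.28.128.0/24", "remote_net": "10.1.2.0/24"}

if __name__ == "__main__":
    for severity, field, detail in audit(ASA, WRV):
        print(f"{severity:8} {field:24} {detail}")
```

An "overlap-not-exact" finding corresponds to the case described above where one side accepts a broader subnet while the other requires the selectors to match exactly.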
