Cisco 5505 Configuration - KEv1 was unsuccessful at setting up a tunnel
Posted on 2014-08-08
I am a new Employee at a company and was asked to configure a CISCO ASA 5505 , first time doing this and was told to copy the running configuration from a current working ASA and modify it on the current ASA.
Both ASAs have same firmware - 8.4.3
Ran crypto key generation rsa (Don't know if relevant as I am leaning how all the protocols are involved in VPN communication)
I copied the running configuration and thought I modified it correctly but when ASA startup configure was reload the logging loops with the following
%ASA-4-713157: IP = <I removed this as not sure if this is a security risk>, Timed out on initial contact to server [ XXX Deleted ] Tunnel could not be established.
%ASA-4-752012: I. Map Tag = _vpnc_cm. Map Sequence Number = 10.
%ASA-3-752015: Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= _vpnc_cm. Map Sequence Number = 10.
%ASA-5-111008: User 'Easy VPN Dynamic Configurator' executed the 'clear configure tunnel-group' command.
%ASA-5-111010: User 'Easy VPN Dynamic Configurator', running 'N/A' from IP 0.0.0.0, executed 'clear configure tunnel-group'
%ASA-5-111008: User 'Easy VPN Dynamic Configurator' executed the 'clear configure crypto map _vpnc_cm' command.
%ASA-5-111010: User 'Easy VPN Dynamic Configurator', running 'N/A' from IP 0.0.0.0, executed 'clear configure crypto map _vpnc_cm'
%ASA-5-752004: Tunnel Manager dispatching a KEY_ACQUIRE message to IKEv1. Map Tag = _vpnc_cm. Map Sequence Number = 10.
%ASA-4-752010: IKEv2 Doesn't have a proposal specified
Not sure if relevant but I added a VPN Client User to the Domain Account but I don't think this matters as I believe this issue relates that the ASA can't connect get a tunnel established?
Additional Information which may be helpful:
show crypto ikev1 sa
1 IKE Peer: <I removed this IP>
Type : user Role : initiator
Rekey : no State : AM_WAIT_MSG2
Lastly when I was googling I saw a comment stating "appears you have not applied the crypto map to the interfaces" but I don't know which interface I should apply to as I don't want cause more issues? Thanks for any help and let me know what logs could help.