ASA 5520 ver 8.0 to AWS VPC VPN

Hi Folks,
I am trying to get a tunnel up to our AWS VPC in Oregon from our ASA running 8.0. (I know this is an old version. We are getting a new firewall in the next few months, so this is temporary.)
We have a tunnel from the same ASA to our AWS VPC in Northern California that is up and working.
When I run sh crypto isakmp sa the tunnel doesn't even show.
I have tried removing and recreating it from scratch. Everything I have checked seems to be complete when comparing it to the working tunnel.

I am trying to monitor the syslog to see where it's failing but not sure what to filter on.
Any ideas?

Thanks in advance.
mate0grand3 Asked:

mate0grand3 (Author) Commented:
Here is the error I am getting when I Filter By: "crypto"

%ASA-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!
This message indicates that the adaptive security appliance was not able to find security policy information for the private networks or hosts indicated in the message. These networks or hosts were sent by the initiator and do not match any crypto ACLs at the adaptive security appliance. This is most likely a misconfiguration.
NetExpert Network Solutions Pte Ltd, Technical Specialist, Commented:
Logs: %ASA-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:source_address, Dst: dest_address!

It's pretty much clear that the AWS VPC is not set properly. You need to verify the crypto map config on both the ASA and VPC side.

Can you paste your ASA crypto config here?

I have attached the step-by-step configuration method for an IPsec VPN between AWS VPC and ASA here:

Connecting Cisco ASA to VPC EC2 Instance (IPSec)
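
One way to act on the 713061 message and the advice above to verify the crypto map configuration, as an added example that is not part of the original thread: pull the Src/Dst pair out of each rejection and compare it with the crypto ACLs, remembering that the initiator's Src is the ASA's remote network. The ACL names, networks and log lines are constructed sample values.

```python
import ipaddress
import re

# Constructed crypto ACLs as (local_network, remote_network), i.e. the source
# and destination of an ASA "access-list ... permit ip <local> <remote>" line.
CRYPTO_ACLS = {
    "acl-aws-norcal": ("10.10.0.0/16", "172.31.0.0/16"),
    "acl-aws-oregon": ("172.30.0.0/16", "10.10.0.0/16"),  # constructed mistake: entered backwards
}

# Constructed syslog lines following the message template quoted in the thread.
SAMPLE_LOG = """\
%ASA-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:172.30.0.0, Dst: 10.10.0.0!
%ASA-3-713061: Tunnel rejected: Crypto Map Policy not found for Src:192.168.50.0, Dst: 10.10.0.0!
%ASA-6-302013: unrelated line that must be ignored
"""

PATTERN = re.compile(r"%ASA-3-713061: .*?Src:\s*([\d.]+),\s*Dst:\s*([\d.]+)!")

def parse_rejections(log_text):
    """Return the (src, dst) address pair from every 713061 message."""
    return [(ipaddress.ip_address(s), ipaddress.ip_address(d))
            for s, d in PATTERN.findall(log_text)]

def covering(src, dst, acls):
    """ACLs whose remote side contains src and whose local side contains dst.

    Only addresses are compared (the template carries no mask), so a hit
    narrows the search but does not prove the masks agree.
    """
    return [name for name, (local, remote) in acls.items()
            if dst in ipaddress.ip_network(local)
            and src in ipaddress.ip_network(remote)]

def report(log_text, acls=CRYPTO_ACLS):
    """For each rejected pair: ACLs that cover it, and ACLs written backwards."""
    out = {}
    for src, dst in parse_rejections(log_text):
        out[(str(src), str(dst))] = {
            "covered_by": covering(src, dst, acls),
            "mirrored_in": covering(dst, src, acls),  # local/remote swapped
        }
    return out

if __name__ == "__main__":
    for pair, result in report(SAMPLE_LOG).items():
        print(pair, result)
```

A pair that appears only under mirrored_in points at an ACL written from the peer's perspective; a pair in neither list means no crypto ACL on the ASA describes the networks the peer proposed.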

mate0grand3 (Author) Commented:
Hi NetExpert,

After fighting with it for 2 days, I just set up a temp VPN server using pfSense on some lab hardware. The tunnel was up in no time as the setup is straightforward on the pfSense side.

We are putting in a new Palo Alto soon. (I also have set up multiple tunnels to AWS on our production-side Palo Alto with no issues.)

The ASA is so out of date and I am inheriting an ugly config on it that doesn't seem to behave well, so I just cut my losses and will transfer only what I need to the new firewall.

Sorry I had to abandon this one, as I would have liked an answer, but there was just no reason to spend the time.

Thanks,
Matthew