[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Site-to-Site VPN Cisco ASA 5505 to Cisco RV320

Posted on 2016-11-04
4
Medium Priority
?
633 Views
Last Modified: 2016-11-30
I'm trying to connect a site-to-site IPSec VPN between a Cisco ASA5505 and RV320.  The same basic settings are being used on both sides but the tunnel is not connecting.  When pressing Connect on the RV320 it fails to connect.  Clearly, there is advanced settings that need to be adjusted.  Anyone know of a tutorial on connecting these particular units?  Any help would be appreciated. Thanks! Setting are:
RV320:
Gateway to Gateway
Interface:WAN1
Keying Mode: IKE with Preshared Key
Enabled: checked

Local Group Setup
Local Security Gateway Type: IP Only
IP Address: Local WAN
Local Security Group Type: Subnet
IP Address: 192.168.1.0
SM: 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: Remote WAN
Remote Security Group Type: Subnet
IP Address: 192.168.3.0
SM: 255.255.255.0

IPSec Setup
Phase 1 DH Group: Group 1 – 768bit
P1 Enc: DES
P1 Auth: MD5
P1 SA Lifetime: 86400
PFS: checked
P2 DH Group: Group 1
P2 Encr: DES
P2 Auth: MD5
P2 SA Lifetime: 3600

Advanced: the only thing checked is Dead Peer Detection Interval 10 sec

ASA 5505:
Stepped through site-to-site wizard with same settings as above
0
Comment
Question by:jmellis777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 98

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 41874559
Try DH Group 2 instead of 1 and PFS unchecked (not used).

Down in Advanced, try NAT Traversal both ways.

Also in Advanced, make sure Main Mode is used.

I have an RV325 set up here for site to site tunnels.

Set logging ON so you can see what happens when you try to connect.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 41893465
Any feedback on my suggestions? My tunnels all work
0
 

Author Closing Comment

by:jmellis777
ID: 41907674
It turns out the IT guy on the other end misspelled his own PSK he gave me.  However, your suggestion to turn on logging is what helped pinpoint the issue.  Thanks!
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 41907684
Thanks for update and I was happy to help you resolve this.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question