?
Solved

Site-to-Site VPN Cisco ASA 5505 to Cisco RV320

Posted on 2016-11-04
4
Medium Priority
?
495 Views
Last Modified: 2016-11-30
I'm trying to connect a site-to-site IPSec VPN between a Cisco ASA5505 and RV320.  The same basic settings are being used on both sides but the tunnel is not connecting.  When pressing Connect on the RV320 it fails to connect.  Clearly, there is advanced settings that need to be adjusted.  Anyone know of a tutorial on connecting these particular units?  Any help would be appreciated. Thanks! Setting are:
RV320:
Gateway to Gateway
Interface:WAN1
Keying Mode: IKE with Preshared Key
Enabled: checked

Local Group Setup
Local Security Gateway Type: IP Only
IP Address: Local WAN
Local Security Group Type: Subnet
IP Address: 192.168.1.0
SM: 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: Remote WAN
Remote Security Group Type: Subnet
IP Address: 192.168.3.0
SM: 255.255.255.0

IPSec Setup
Phase 1 DH Group: Group 1 – 768bit
P1 Enc: DES
P1 Auth: MD5
P1 SA Lifetime: 86400
PFS: checked
P2 DH Group: Group 1
P2 Encr: DES
P2 Auth: MD5
P2 SA Lifetime: 3600

Advanced: the only thing checked is Dead Peer Detection Interval 10 sec

ASA 5505:
Stepped through site-to-site wizard with same settings as above
0
Comment
Question by:jmellis777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 97

Accepted Solution

by:
Experienced Member earned 2000 total points
ID: 41874559
Try DH Group 2 instead of 1 and PFS unchecked (not used).

Down in Advanced, try NAT Traversal both ways.

Also in Advanced, make sure Main Mode is used.

I have an RV325 set up here for site to site tunnels.

Set logging ON so you can see what happens when you try to connect.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41893465
Any feedback on my suggestions? My tunnels all work
0
 

Author Closing Comment

by:jmellis777
ID: 41907674
It turns out the IT guy on the other end misspelled his own PSK he gave me.  However, your suggestion to turn on logging is what helped pinpoint the issue.  Thanks!
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41907684
Thanks for update and I was happy to help you resolve this.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question