Solved

Site-to-Site VPN Cisco ASA 5505 to Cisco RV320

Posted on 2016-11-04
4
266 Views
Last Modified: 2016-11-30
I'm trying to connect a site-to-site IPSec VPN between a Cisco ASA5505 and RV320.  The same basic settings are being used on both sides but the tunnel is not connecting.  When pressing Connect on the RV320 it fails to connect.  Clearly, there is advanced settings that need to be adjusted.  Anyone know of a tutorial on connecting these particular units?  Any help would be appreciated. Thanks! Setting are:
RV320:
Gateway to Gateway
Interface:WAN1
Keying Mode: IKE with Preshared Key
Enabled: checked

Local Group Setup
Local Security Gateway Type: IP Only
IP Address: Local WAN
Local Security Group Type: Subnet
IP Address: 192.168.1.0
SM: 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: Remote WAN
Remote Security Group Type: Subnet
IP Address: 192.168.3.0
SM: 255.255.255.0

IPSec Setup
Phase 1 DH Group: Group 1 – 768bit
P1 Enc: DES
P1 Auth: MD5
P1 SA Lifetime: 86400
PFS: checked
P2 DH Group: Group 1
P2 Encr: DES
P2 Auth: MD5
P2 SA Lifetime: 3600

Advanced: the only thing checked is Dead Peer Detection Interval 10 sec

ASA 5505:
Stepped through site-to-site wizard with same settings as above
0
Comment
Question by:jmellis777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 94

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41874559
Try DH Group 2 instead of 1 and PFS unchecked (not used).

Down in Advanced, try NAT Traversal both ways.

Also in Advanced, make sure Main Mode is used.

I have an RV325 set up here for site to site tunnels.

Set logging ON so you can see what happens when you try to connect.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 41893465
Any feedback on my suggestions? My tunnels all work
0
 

Author Closing Comment

by:jmellis777
ID: 41907674
It turns out the IT guy on the other end misspelled his own PSK he gave me.  However, your suggestion to turn on logging is what helped pinpoint the issue.  Thanks!
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 41907684
Thanks for update and I was happy to help you resolve this.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question