Solved

Site-to-Site VPN Cisco ASA 5505 to Cisco RV320

Posted on 2016-11-04
Last Modified: 2016-11-30
I'm trying to connect a site-to-site IPSec VPN between a Cisco ASA5505 and RV320. The same basic settings are being used on both sides but the tunnel is not connecting. When pressing Connect on the RV320 it fails to connect. Clearly, there are advanced settings that need to be adjusted. Anyone know of a tutorial on connecting these particular units? Any help would be appreciated. Thanks! Settings are:
RV320:
Gateway to Gateway
Interface:WAN1
Keying Mode: IKE with Preshared Key
Enabled: checked

Local Group Setup
Local Security Gateway Type: IP Only
IP Address: Local WAN
Local Security Group Type: Subnet
IP Address: 192.168.1.0
SM: 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: Remote WAN
Remote Security Group Type: Subnet
IP Address: 192.168.3.0
SM: 255.255.255.0

IPSec Setup
Phase 1 DH Group: Group 1 – 768bit
P1 Enc: DES
P1 Auth: MD5
P1 SA Lifetime: 86400
PFS: checked
P2 DH Group: Group 1
P2 Encr: DES
P2 Auth: MD5
P2 SA Lifetime: 3600

Advanced: the only thing checked is Dead Peer Detection Interval 10 sec

ASA 5505:
Stepped through site-to-site wizard with same settings as above
Question by:jmellis777
LVL 95

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41874559
Try DH Group 2 instead of 1 and PFS unchecked (not used).

Down in Advanced, try NAT Traversal both ways.

Also in Advanced, make sure Main Mode is used.

I have an RV325 set up here for site to site tunnels.

Set logging ON so you can see what happens when you try to connect.
LVL 95

Expert Comment

by:John Hurst
ID: 41893465
Any feedback on my suggestions? My tunnels all work.

Author Closing Comment

by:jmellis777
ID: 41907674
It turns out the IT guy on the other end misspelled his own PSK he gave me.  However, your suggestion to turn on logging is what helped pinpoint the issue.  Thanks!
LVL 95

Expert Comment

by:John Hurst
ID: 41907684
Thanks for the update and I was happy to help you resolve this.
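As an added example (not part of the original thread, and not Cisco tooling): a Python check that parses the RV320 settings in the layout posted in the question and compares them with the far end, listing every IPSec value that differs and every subnet that is not mirrored. The `mirrored` helper and the far-end values are constructed for illustration, since the thread does not show the ASA configuration; the pre-shared key, which turned out to be the fault here, is on neither sheet, so the logs are still what confirms it.

```python
import ipaddress
import re

LOCAL, REMOTE, IPSEC = "Local Group Setup", "Remote Group Setup", "IPSec Setup"
# RV320 settings copied from the question, trimmed to the fields compared below.
RV320 = """Local Group Setup
IP Address: 192.168.1.0
SM: 255.255.255.0
Remote Group Setup
IP Address: 192.168.3.0
SM: 255.255.255.0
IPSec Setup
Phase 1 DH Group: Group 1 – 768bit
P1 Enc: DES
P1 Auth: MD5
PFS: checked
P2 DH Group: Group 1"""

def parse(sheet):
    """Lines without ':' open a section; 'Key: value' lines fill it."""
    out, sec = {}, None
    for line in filter(str.strip, sheet.splitlines()):
        key, sep, val = line.partition(":")
        if not sep:
            sec = out.setdefault(line.strip(), {})
        elif sec is not None:
            sec[key.strip()] = val.strip()
    return out

def mirrored(peer, changes):
    """Constructed far end (the ASA): subnets swapped, IPSec values overridden."""
    return {LOCAL: peer[REMOTE], REMOTE: peer[LOCAL], IPSEC: {**peer[IPSEC], **changes}}

def net(group):
    return ipaddress.ip_network(f"{group['IP Address']}/{group['SM']}")

def norm(key, val):
    # DH groups compare by number: "Group 1 – 768bit" equals "Group 1".
    return (re.findall(r"\d+", val) or [val])[0] if "DH Group" in key else val.lower()

def mismatches(a, b):
    """List every setting on which peers a and b would fail to agree."""
    bad = []
    for mine, theirs in ((LOCAL, REMOTE), (REMOTE, LOCAL)):
        if net(a[mine]) != net(b[theirs]):
            bad.append(f"{mine} subnet does not mirror the peer's {theirs}")
    for key, val in a[IPSEC].items():
        other = b[IPSEC].get(key, "")
        if norm(key, val) != norm(key, other):
            bad.append(f"{key}: {val!r} vs {other!r}")
    return bad
```

Calling `mismatches(parse(RV320), mirrored(parse(RV320), {"Phase 1 DH Group": "Group 2", "PFS": "unchecked"}))` shows what happens when the accepted answer's changes are made on one end only: both settings are reported as differing.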