Cisco ASA 5505 does not initiate site to site VPN

cisco-asacisco-vpn

I am using Cisco ASA 5505 to establish a site to site VPN tunnel.

The problem is that, my ASA 5505 does not seem to initiate the negotiation but once the device on the other starts the negotiation the tunnel establishes successfully!

Is there any such configuration that enables the initiation of phase 1 negotiation?

Any clues what am I missing?

Thanks,

Best Answer

I would run through these steps:

Before the L2L P2 is up, go ahead and ping an interesting traffic host. If everything is set up correctly, this will initiate the tunnel. Apologies if you already knew that but some do not.
On the ASA, ensure that you have set up a crypto map entry for the interesting traffic. What could be happening, and this is just a guess, but perhaps you do not have the correct crypto map in place and instead when the peer initiates you are establishing using the dynamic crypto map.
Using ASDM you can check out your connection profile and check your setting under Crypto Map and make sure that it is on "Bidirectional" rather than "answer only"
Finally, make sure that is not your peer that is the issue.

Related Solutions

Cisco ASA 5505 – L2TP over IPsec

Can you post the output of your log while trying to establish a vpn connection at the debugging level? (in the asdm go to Monitoring -> Logging -> set logging level to debug in the drop down -> click view)

Also unless there is a compelling reason to stay at 7.2(4) I would upgrade to the latest 8.x release. The 7.2 series had some pretty major issues.

EDIT

That error means that the interface the incoming vpn is setup on doesn't have a crypto-map applied.

if you were following the instructions there, you probably applied the crypto map like this:

crypto map outside_map interface outside

if you are testing on the same lan you would need to do this:

crypto map outside_map interface inside

Ugly i know but it'll let you test, then remove from the inside interface and you are good to go.

If that doesn't work, would you be willing put post your running config?

EDIT 2:

Ok, lets simplify this config a little. Try disconnecting the XP machine from the ASA. And also remove the 192.168.1.1 ip address and DHCP pool from the ASA. Then try to connect via the vpn.

Cisco ASA 5505 VPN setup

Base license should grant you a couple site to site vpn tunnels.

Under The Wizards, select IPSec VPN Wizard Select Site to site enter the remotes IP address to terminate too Create and enter in a preshared key Tunnel group will fill in automatically Select your IKE Encryption/Auth info Select IPSEc info Then add in the remote network info and local network info Finish

That's all there is to it. The wizard makes it really easy.

Best Answer

Related Solutions

Cisco ASA 5505 – L2TP over IPsec

Cisco ASA 5505 VPN setup

Related Topic