Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN from ASA 5510 and RV215W problem

Status
Not open for further replies.

ITSUPPORTIT

IS-IT--Management
Jan 23, 2017
1
IT
Dear all,
I'm triyng to configure a Site -to-Site VPN without success from ASA 5510 (static public IP) and RV215W private ip 192.168.20.1 (connected to 4g router with dynamic public IP).
I cannot see UP the VPN.
If I try to ping from "ASA network" I see only "IKE initiator unable to find policy". If I try to ping from RV215W network anything.
I send to you ASA config, big thanks fot your help.

ASA Version 7.0(6)
!
interface Ethernet0/1
nameif Fastweb2
security-level 0
ip address 192.168.11.2 255.255.255.0
!
interface Ethernet0/3
description LAN
nameif LAN
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
dns domain-lookup Fastweb2
dns name-server 85.18.200.200
dns name-server 89.97.140.140
object-group network VPN_OFFICE
network-object 192.168.20.0 255.255.255.0
access-list Fastweb_access_out extended permit ip any any
access-list Fastweb_access_out extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip interface LAN interface Fastweb2
access-list LAN_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
access-list LAN_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 object-group VPN_OFFICE
access-list Fastweb2_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 192.168.1.0 255.255.255.0 eq lpd
access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 host 192.168.1.101 eq ldap
access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 host 192.168.1.102 eq ldap
access-list Fastweb2_access_in extended permit ip object-group VPN_OFFICE 192.168.1.0 255.255.255.0
access-list Fastweb2_cryptomap_10 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
access-list Fastweb2_cryptomap_dyn_1 extended permit ip 192.168.1.0 255.255.255.0 object-group VPN_OFFICE
access-list Fastweb2_cryptomap_10_1 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
pager lines 24
logging enable
logging asdm errors
mtu Fastweb2 1500
mtu LAN 1500
mtu management 1500
ip verify reverse-path interface Fastweb2
no failover
monitor-interface Fastweb2
monitor-interface LAN
monitor-interface management
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
nat-control
global (Fastweb2) 11 interface
nat (LAN) 0 access-list LAN_nat0_outbound
nat (LAN) 11 192.168.1.0 255.255.255.0
nat (management) 0 0.0.0.0 0.0.0.0
access-group Fastweb2_access_in in interface Fastweb2
route Fastweb2 0.0.0.0 0.0.0.0 192.168.11.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
vpn-tunnel-protocol IPSec
group-lock value DefaultL2LGroup
webvpn
username utente password xxxxxxxxxxxxxx encrypted privilege 15
http server enable
http 192.168.1.0 255.255.255.0 LAN
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map MY_DYNAMIC_MAP 1 match address Fastweb2_cryptomap_dyn_1
crypto dynamic-map MY_DYNAMIC_MAP 1 set transform-set myset
crypto map Fastweb2_map 20 match address Fastweb2_cryptomap_20
crypto map Fastweb2_map 20 set peer 6.7.8.9
crypto map Fastweb2_map 20 set transform-set ESP-AES-256-SHA
crypto map dyn-map 10 match address Fastweb2_cryptomap_10
crypto map dyn-map 10 set peer 6.7.8.9
crypto map dyn-map 10 set transform-set ESP-AES-256-SHA
crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 match address Fastweb2_cryptomap_10_1
crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 set peer 6.7.8.9
crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 set transform-set ESP-AES-256-SHA
crypto map STATIC_MAP_CALLING_DYMANIC_MAP 65535 ipsec-isakmp dynamic MY_DYNAMIC_MAP
crypto map STATIC_MAP_CALLING_DYMANIC_MAP interface Fastweb2
isakmp identity address
isakmp enable Fastweb2
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
isakmp policy 50 group 2
isakmp policy 50 lifetime 86400
isakmp policy 70 authentication pre-share
isakmp policy 70 encryption aes
isakmp policy 70 hash sha
isakmp policy 70 group 5
isakmp policy 70 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group 6.7.8.9 type ipsec-l2l
tunnel-group 6.7.8.9 ipsec-attributes
pre-shared-key *
no vpn-addr-assign aaa
no vpn-addr-assign local
telnet 192.168.1.0 255.255.255.0 LAN
telnet 192.168.0.0 255.255.255.0 management
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 management
ssh 192.168.0.0 255.255.255.0 management
ssh timeout 5
console timeout 0
!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top