Tuesday, November 23, 2021

IKEv2 IPsec VPN Between Cisco ISR Router and ASA

I am trying to establish a VPN on a P2P link between an ISR 1100 router and an ASA. I realize P2P is inherently secure because it is private; however, this data needs to be encrypted regardless.

I am having an issue I just can't seem to figure out. The router interface 192.168.244.2 connects directly with the ASA interface 192.168.244.1; however, after I configure my VPN and crypto maps on both sides, the SA will not establish. My crypto map is applied to interface gi0/0/0 with IP 192.168.244.2 and the ACL allows any any.

show crypto session shows the session on the router is DOWN. A debug of IKEv2 shows the VPN getting past the IKE_SA_INIT stage and getting to the IKE_AUTH phase. However, it fails at that point. It creates an IKE session with ID Pair (192.168.244.1, 192.168.244.2) UP but then a few lines later sends a Queuing SA IKE Delete Request Reason: Unknown and then sends a Delete packet to kill the SA.

Does anyone have experience with this that can help me out? This is my first time configuring a Router to ASA VPN over a P2P and I could really use some insight.


