VPN from ASA 5510 and RV215W problem



  • ITSUPPORTIT
    Member
    #166817

    Dear all,
    I’m trying to configure a site-to-site VPN, without success, between an ASA 5510 (static public IP) and an RV215W with private IP 192.168.20.1 (connected to a 4G router with a dynamic public IP).
    The VPN never comes up.
    If I ping from the “ASA network” I only see “IKE initiator unable to find policy”. If I ping from the RV215W network I see nothing at all.
    Here is the ASA config; many thanks for your help.

    ! Running-config of the ASA 5510 end of the site-to-site VPN, as posted.
    ! The listing is an excerpt: a "management" interface is referenced below but
    ! its definition is not shown.
    ! NOTE(review): 7.0(6) is a very old, long end-of-life ASA release - plan an
    ! upgrade independently of the VPN problem.
    ASA Version 7.0(6)
    !
    ! Outside interface (security-level 0). Its address is RFC 1918 and the default
    ! route points at 192.168.11.1, so the static public IP presumably lives on an
    ! upstream device - confirm that device forwards UDP 500 and UDP 4500 to the ASA.
    interface Ethernet0/1
    nameif Fastweb2
    security-level 0
    ip address 192.168.11.2 255.255.255.0
    !
    ! Inside LAN, 192.168.1.0/24 (security-level 100).
    interface Ethernet0/3
    description LAN
    nameif LAN
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    ftp mode passive
    dns domain-lookup Fastweb2
    dns name-server 85.18.200.200
    dns name-server 89.97.140.140
    ! Remote office LAN behind the RV215W.
    object-group network VPN_OFFICE
    network-object 192.168.20.0 255.255.255.0
    ! Fastweb_access_out is not bound by any access-group line shown. Its first
    ! entry permits all IP, which makes the second entry redundant.
    access-list Fastweb_access_out extended permit ip any any
    access-list Fastweb_access_out extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
    ! NAT-exemption ACL (used by "nat (LAN) 0" below); the last entry exempts
    ! LAN -> VPN_OFFICE traffic from PAT so it can match the crypto ACL unchanged.
    access-list LAN_nat0_outbound extended permit ip interface LAN interface Fastweb2
    access-list LAN_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    access-list LAN_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 object-group VPN_OFFICE
    ! Crypto ACL for Fastweb2_map seq 20 (that map is not applied to an interface).
    ! 1.2.3.4 and 6.7.8.9 are presumably sanitized placeholder addresses.
    access-list Fastweb2_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    ! Inbound ACL on the outside interface. Because "no sysopt connection
    ! permit-ipsec" is set below, decrypted tunnel traffic is also checked here;
    ! the VPN_OFFICE entry is what admits traffic from 192.168.20.0/24.
    access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 192.168.1.0 255.255.255.0 eq lpd
    access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 host 192.168.1.101 eq ldap
    access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 host 192.168.1.102 eq ldap
    access-list Fastweb2_access_in extended permit ip object-group VPN_OFFICE 192.168.1.0 255.255.255.0
    ! Crypto ACL for "dyn-map" seq 10 (that map is not applied to an interface).
    access-list Fastweb2_cryptomap_10 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    ! Crypto ACL for the dynamic map: the only crypto ACL that covers
    ! 192.168.1.0/24 -> 192.168.20.0/24.
    access-list Fastweb2_cryptomap_dyn_1 extended permit ip 192.168.1.0 255.255.255.0 object-group VPN_OFFICE
    ! Crypto ACL for the static entry (seq 10) of the applied crypto map.
    access-list Fastweb2_cryptomap_10_1 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    pager lines 24
    logging enable
    logging asdm errors
    mtu Fastweb2 1500
    mtu LAN 1500
    mtu management 1500
    ! Reverse-path check (anti-spoofing) on the outside interface.
    ip verify reverse-path interface Fastweb2
    no failover
    monitor-interface Fastweb2
    monitor-interface LAN
    monitor-interface management
    asdm image disk0:/asdm506.bin
    no asdm history enable
    arp timeout 14400
    ! NAT: LAN is PATed to the Fastweb2 interface address (pool 11), except for
    ! traffic matched by LAN_nat0_outbound, which is exempt.
    nat-control
    global (Fastweb2) 11 interface
    nat (LAN) 0 access-list LAN_nat0_outbound
    nat (LAN) 11 192.168.1.0 255.255.255.0
    nat (management) 0 0.0.0.0 0.0.0.0
    access-group Fastweb2_access_in in interface Fastweb2
    route Fastweb2 0.0.0.0 0.0.0.0 192.168.11.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    ! NOTE(review): the next three lines look like group-policy attributes whose
    ! parent "group-policy ... attributes" line is missing from the paste - confirm.
    vpn-tunnel-protocol IPSec
    group-lock value DefaultL2LGroup
    webvpn
    ! Local privilege-15 (full admin) account; the hash was masked by the poster.
    username utente password xxxxxxxxxxxxxx encrypted privilege 15
    ! ASDM/HTTPS management access.
    ! NOTE(review): 192.168.1.0/24 is the LAN subnet but is also allowed on the
    ! "management" interface here and in the ssh line below - verify this is intended.
    http server enable
    http 192.168.1.0 255.255.255.0 LAN
    http 192.168.1.0 255.255.255.0 management
    http 192.168.0.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    ! Decrypted IPsec traffic does NOT bypass interface ACLs; it must be permitted
    ! explicitly in Fastweb2_access_in.
    no sysopt connection permit-ipsec
    ! Phase 2 transform sets. "myset" (DES + MD5) and the *-MD5 sets use algorithms
    ! that are considered weak; prefer an AES/SHA set if the RV215W supports it.
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    ! Dynamic map for the peer with the dynamic public IP. It has no "set peer", so
    ! the ASA can only answer on this entry, never initiate. Its only transform set
    ! is myset, so the RV215W phase 2 proposal has to be DES/MD5 to match.
    crypto dynamic-map MY_DYNAMIC_MAP 1 match address Fastweb2_cryptomap_dyn_1
    crypto dynamic-map MY_DYNAMIC_MAP 1 set transform-set myset
    ! Fastweb2_map and dyn-map are defined but never bound to an interface in the
    ! lines shown, so they have no effect.
    crypto map Fastweb2_map 20 match address Fastweb2_cryptomap_20
    crypto map Fastweb2_map 20 set peer 6.7.8.9
    crypto map Fastweb2_map 20 set transform-set ESP-AES-256-SHA
    crypto map dyn-map 10 match address Fastweb2_cryptomap_10
    crypto map dyn-map 10 set peer 6.7.8.9
    crypto map dyn-map 10 set transform-set ESP-AES-256-SHA
    ! The crypto map actually applied to Fastweb2. Static seq 10 only covers
    ! 192.168.1.0/24 -> host 1.2.3.4; traffic to 192.168.20.0/24 matches only the
    ! dynamic entry (seq 65535). That is consistent with "IKE initiator unable to
    ! find policy" when pinging from the ASA side: the tunnel has to be brought up
    ! from the RV215W.
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 match address Fastweb2_cryptomap_10_1
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 set peer 6.7.8.9
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 set transform-set ESP-AES-256-SHA
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 65535 ipsec-isakmp dynamic MY_DYNAMIC_MAP
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP interface Fastweb2
    ! Phase 1 (IKE) is enabled on the outside interface; the ASA identifies itself
    ! by IP address.
    isakmp identity address
    isakmp enable Fastweb2
    ! Phase 1 policies, all pre-shared-key. Policy 10 (DES/MD5) and policy 30
    ! (3DES/MD5) rely on weak algorithms; policies 10-50 use DH group 2, policy 70
    ! group 5. Keep only the policy the RV215W is configured for, preferably AES/SHA.
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption 3des
    isakmp policy 30 hash md5
    isakmp policy 30 group 2
    isakmp policy 30 lifetime 86400
    isakmp policy 50 authentication pre-share
    isakmp policy 50 encryption 3des
    isakmp policy 50 hash sha
    isakmp policy 50 group 2
    isakmp policy 50 lifetime 86400
    isakmp policy 70 authentication pre-share
    isakmp policy 70 encryption aes
    isakmp policy 70 hash sha
    isakmp policy 70 group 5
    isakmp policy 70 lifetime 86400
    ! NAT traversal with a 20-second keepalive; relevant here because the RV215W
    ! sits behind the 4G router's NAT.
    isakmp nat-traversal 20
    ! Pre-shared keys appear as "*" because the ASA masks them in show output.
    ! A peer whose address matches no named tunnel-group falls into
    ! DefaultL2LGroup, so that key must equal the one set on the RV215W.
    tunnel-group DefaultL2LGroup ipsec-attributes
    pre-shared-key *
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    ! Named tunnel-group for the static peer 6.7.8.9.
    tunnel-group 6.7.8.9 type ipsec-l2l
    tunnel-group 6.7.8.9 ipsec-attributes
    pre-shared-key *
    no vpn-addr-assign aaa
    no vpn-addr-assign local
    ! Telnet carries the admin credentials in cleartext; prefer SSH and remove the
    ! telnet lines once SSH access is confirmed.
    telnet 192.168.1.0 255.255.255.0 LAN
    telnet 192.168.0.0 255.255.255.0 management
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 management
    ssh 192.168.0.0 255.255.255.0 management
    ssh timeout 5
    ! 0 disables the idle timeout: an abandoned console session stays logged in.
    console timeout 0
    !
