
VPN from ASA 5510 and RV215W problem


  • VPN from ASA 5510 and RV215W problem

    Dear all,
    I'm trying, without success, to configure a site-to-site VPN between an ASA 5510 (static public IP) and an RV215W with private IP 192.168.20.1 (connected to a 4G router with a dynamic public IP).
    The VPN never comes up.
    If I ping from the "ASA network" I only see "IKE initiator unable to find policy". If I ping from the RV215W network, nothing happens.
    Here is the ASA config; many thanks for your help.

    ! Running configuration of the ASA 5510 end of the site-to-site tunnel, as pasted.
    ! The paste is partial: the "management" interface definition is not shown.
    ! NOTE(review): 7.0(6) is a very old ASA release - confirm it still receives security fixes.
    ASA Version 7.0(6)
    !
    ! Outside interface. It carries an RFC 1918 address, so the ASA appears to sit behind
    ! an upstream NAT device; presumably that device must pass IKE (UDP 500) and
    ! NAT-T (UDP 4500) through to 192.168.11.2 - confirm.
    interface Ethernet0/1
    nameif Fastweb2
    security-level 0
    ip address 192.168.11.2 255.255.255.0
    !
    interface Ethernet0/3
    description LAN
    nameif LAN
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    ftp mode passive
    dns domain-lookup Fastweb2
    dns name-server 85.18.200.200
    dns name-server 89.97.140.140
    ! Remote-office subnet behind the RV215W.
    object-group network VPN_OFFICE
    network-object 192.168.20.0 255.255.255.0
    ! Fastweb_access_out is not bound by any access-group in this paste. If it is ever
    ! applied, the "permit ip any any" entry makes the entry after it redundant.
    access-list Fastweb_access_out extended permit ip any any
    access-list Fastweb_access_out extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
    ! NAT exemption for traffic that should enter the tunnel un-translated.
    access-list LAN_nat0_outbound extended permit ip interface LAN interface Fastweb2
    access-list LAN_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    access-list LAN_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 object-group VPN_OFFICE
    ! Fastweb2_cryptomap_20, _10 and _10_1 all select LAN -> host 1.2.3.4 only;
    ! none of them covers 192.168.20.0/24.
    access-list Fastweb2_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 192.168.1.0 255.255.255.0 eq lpd
    access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 host 192.168.1.101 eq ldap
    access-list Fastweb2_access_in extended permit tcp host 1.2.3.4 host 192.168.1.102 eq ldap
    ! Required because "no sysopt connection permit-ipsec" (below) leaves decrypted
    ! tunnel traffic subject to this inbound ACL.
    access-list Fastweb2_access_in extended permit ip object-group VPN_OFFICE 192.168.1.0 255.255.255.0
    access-list Fastweb2_cryptomap_10 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    ! The only crypto ACL that matches LAN -> remote office (192.168.20.0/24).
    access-list Fastweb2_cryptomap_dyn_1 extended permit ip 192.168.1.0 255.255.255.0 object-group VPN_OFFICE
    access-list Fastweb2_cryptomap_10_1 extended permit ip 192.168.1.0 255.255.255.0 host 1.2.3.4
    pager lines 24
    logging enable
    logging asdm errors
    mtu Fastweb2 1500
    mtu LAN 1500
    mtu management 1500
    ! Reverse-path check (anti-spoofing) on the outside interface.
    ip verify reverse-path interface Fastweb2
    no failover
    monitor-interface Fastweb2
    monitor-interface LAN
    monitor-interface management
    asdm image disk0:/asdm506.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (Fastweb2) 11 interface
    nat (LAN) 0 access-list LAN_nat0_outbound
    nat (LAN) 11 192.168.1.0 255.255.255.0
    nat (management) 0 0.0.0.0 0.0.0.0
    ! Fastweb2_access_in is the only ACL applied to an interface in this paste.
    access-group Fastweb2_access_in in interface Fastweb2
    route Fastweb2 0.0.0.0 0.0.0.0 192.168.11.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    ! NOTE(review): the next three lines look like group-policy attributes; their parent
    ! "group-policy ... attributes" line is not in the paste.
    vpn-tunnel-protocol IPSec
    group-lock value DefaultL2LGroup
    webvpn
    ! Privilege-15 local account. The hash is redacted in the post, which is the right
    ! call even for values marked "encrypted".
    username utente password xxxxxxxxxxxxxx encrypted privilege 15
    ! Device management over HTTP(S)/ASDM, limited to the listed subnets.
    http server enable
    http 192.168.1.0 255.255.255.0 LAN
    http 192.168.1.0 255.255.255.0 management
    http 192.168.0.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    ! IPsec traffic is NOT exempted from interface ACLs, so Fastweb2_access_in must
    ! explicitly permit the remote subnet.
    no sysopt connection permit-ipsec
    ! Transform sets built on esp-des, esp-3des or esp-md5-hmac are weak by current
    ! standards. "myset" (DES + MD5) is the one the dynamic map below uses.
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    ! Dynamic entry: no peer is set, so the ASA can answer a peer that initiates for
    ! this traffic but presumably cannot initiate itself. That would fit the
    ! "IKE initiator unable to find policy" message seen on LAN-side pings - confirm.
    crypto dynamic-map MY_DYNAMIC_MAP 1 match address Fastweb2_cryptomap_dyn_1
    crypto dynamic-map MY_DYNAMIC_MAP 1 set transform-set myset
    ! Fastweb2_map and dyn-map are not attached to any interface in this paste; only
    ! STATIC_MAP_CALLING_DYMANIC_MAP is (see its "interface Fastweb2" line).
    crypto map Fastweb2_map 20 match address Fastweb2_cryptomap_20
    crypto map Fastweb2_map 20 set peer 6.7.8.9
    crypto map Fastweb2_map 20 set transform-set ESP-AES-256-SHA
    crypto map dyn-map 10 match address Fastweb2_cryptomap_10
    crypto map dyn-map 10 set peer 6.7.8.9
    crypto map dyn-map 10 set transform-set ESP-AES-256-SHA
    ! Applied map: seq 10 is a static entry to peer 6.7.8.9, seq 65535 falls through to
    ! the dynamic map for peers without a fixed address.
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 match address Fastweb2_cryptomap_10_1
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 set peer 6.7.8.9
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 set transform-set ESP-AES-256-SHA
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP 65535 ipsec-isakmp dynamic MY_DYNAMIC_MAP
    crypto map STATIC_MAP_CALLING_DYMANIC_MAP interface Fastweb2
    isakmp identity address
    isakmp enable Fastweb2
    ! IKE phase-1 policies; a lower number means higher priority. Policy 10 (DES/MD5)
    ! and the other MD5, 3DES and group 2 entries are weak, and a peer proposing them
    ! can be accepted. Consider keeping only the strongest policy the remote end supports.
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption 3des
    isakmp policy 30 hash md5
    isakmp policy 30 group 2
    isakmp policy 30 lifetime 86400
    isakmp policy 50 authentication pre-share
    isakmp policy 50 encryption 3des
    isakmp policy 50 hash sha
    isakmp policy 50 group 2
    isakmp policy 50 lifetime 86400
    isakmp policy 70 authentication pre-share
    isakmp policy 70 encryption aes
    isakmp policy 70 hash sha
    isakmp policy 70 group 5
    isakmp policy 70 lifetime 86400
    ! NAT traversal enabled with a 20-second keepalive.
    isakmp nat-traversal 20
    ! Pre-shared keys are masked ("*") in the output. Presumably a peer with a changing
    ! public IP falls back to DefaultL2LGroup, whose key is then shared by every peer
    ! that lands there - confirm, and use a long random key.
    tunnel-group DefaultL2LGroup ipsec-attributes
    pre-shared-key *
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    ! Tunnel-group keyed by the fixed peer address 6.7.8.9.
    tunnel-group 6.7.8.9 type ipsec-l2l
    tunnel-group 6.7.8.9 ipsec-attributes
    pre-shared-key *
    no vpn-addr-assign aaa
    no vpn-addr-assign local
    ! Telnet carries credentials in cleartext; SSH is the safer management channel.
    ! As pasted, SSH is permitted only via the management interface, not from LAN.
    telnet 192.168.1.0 255.255.255.0 LAN
    telnet 192.168.0.0 255.255.255.0 management
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 management
    ssh 192.168.0.0 255.255.255.0 management
    ssh timeout 5
    ! 0 disables the idle timeout, so a console session left logged in stays open.
    console timeout 0
    !