RemoteUser
Advisor

S2S phase 2 down

We have a S2S VPN with an ASA that goes down (phase 2).

crypto map outside_map 300 match address outside_300_cryptomap
crypto map outside_map 300 set peer x.x.x.x (our public IP)
crypto map outside_map 300 set ikev2 ipsec-proposal ESP-AES256-SHA256
crypto map outside_map 300 set security-association lifetime seconds 28800
DH Group 14

Our side checkpoint doesn't change...


Error from checkpoint in the log:
Child SA exchange: Sending notification to peer: No proposal chosen MyMethods Phase2: AES-256 + HMAC-SHA2-256, No IPComp, No ESN, Group 14

The guys that manage the ASA told me that they didn't change anything.

_Val_
Admin

What does the log say?

the_rock
Legend

Hey bro,

Ask them if they can run this debug on Cisco and send it over.

Andy

debug vpn:

debug crypto condition peer x.x.x.x
debug crypto ikev1 200
debug crypto ipsec 200

To cancel all debugs: undebug all

the_rock
Legend

Was the tunnel ever up btw?

Andy

the_rock
Legend

Hey bro,

Any luck with this?

Andy

RemoteUser
Advisor

Hi brother, sorry for the late response, I was OOO.
Anyway, we solved the issue; there was an incompatibility with PFS.

the_rock
Legend

Excellent work bro.
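
An added example, not code from any poster in this thread: a small check that compares the PFS group on the ASA crypto map entry with the group listed in the Check Point "MyMethods Phase2" log line, which is where the mismatch named in the solution shows up. It assumes a "Group N" field in that log line is the PFS group Check Point offers and uses the ASA config as pasted in the question (no `set pfs` line); the thread does not say which side was changed to fix it.

```python
import re

# Crypto map entry as pasted in the question (peer annotation dropped).
ASA_CONFIG = """\
crypto map outside_map 300 match address outside_300_cryptomap
crypto map outside_map 300 set peer x.x.x.x
crypto map outside_map 300 set ikev2 ipsec-proposal ESP-AES256-SHA256
crypto map outside_map 300 set security-association lifetime seconds 28800
"""

# Check Point log line quoted in the question.
CP_LOG = ("Child SA exchange: Sending notification to peer: No proposal chosen "
          "MyMethods Phase2: AES-256 + HMAC-SHA2-256, No IPComp, No ESN, Group 14")


def asa_pfs_group(config, map_name, seq):
    """PFS group on one crypto map entry: '14', 'default' (bare 'set pfs'), or None (PFS off)."""
    pat = rf"^crypto map {re.escape(map_name)} {seq} set pfs(?: group(\d+))?\s*$"
    m = re.search(pat, config, re.M)
    if m is None:
        return None
    return m.group(1) or "default"


def checkpoint_pfs_group(log_line):
    """DH group listed in the 'MyMethods Phase2:' field, or None if no group is listed."""
    m = re.search(r"MyMethods Phase2:\s*(.*)$", log_line)
    if m is None:
        raise ValueError("no 'MyMethods Phase2:' field in log line")
    for field in m.group(1).split(","):
        g = re.fullmatch(r"Group (\d+)", field.strip())
        if g:
            return g.group(1)
    return None


def compare_pfs(config, map_name, seq, log_line):
    """Compare both sides' phase 2 PFS setting and return a verdict."""
    asa = asa_pfs_group(config, map_name, seq)
    cp = checkpoint_pfs_group(log_line)
    if asa == "default":
        verdict = "verify"  # bare 'set pfs' uses the platform default group, not shown here
    else:
        verdict = "match" if asa == cp else "mismatch"
    return {"asa": asa, "checkpoint": cp, "verdict": verdict}


if __name__ == "__main__":
    print(compare_pfs(ASA_CONFIG, "outside_map", 300, CP_LOG))
```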
