Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 3554 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec S2S vpn with certificate does not work with ASA

most_ahdy
Hi ,
  I have Astaro 220 box version 8.305 .
I tried to establish an IPsec S2S vpn with certificate with a cisco ASA 5510.
but it can not be established although I configured all phase 1 and phase 2 policy same in Astaro and ASA and also the lifetime.
-Certificates is issues by external CA.
-IPsec PFS group is enabled in both side.
-No strict policy nor compression configured in both side.
-There is no natting.
-No DPD Nor CRL configured.

-Please note that the same configuration is working but with preshared key.
Kindly find the attached log of the ASTARO and ASA .
Thanks,
Mostafa Aly


This thread was automatically locked due to age.
Parents
  • 0
    There's not enough information in the ASG log file.  Always begin by posting with NO debugging enabled.  Please post the log lines from a single connection attempt.

    Cheers - Bob
  • 0 in reply to BAlfson
    Sorry for the delay!!
    Hi Mostafa

    Could you please post the phase 1 and phase 2 settings and the configuration on both sides?

    Thanks


    kindly find the attached screenshot for the setting as per your request and for all setting in IPsec.

    There's not enough information in the ASG log file. Always begin by posting with NO debugging enabled. Please post the log lines from a single connection attempt.


    kindly find the attached log output as per your request.
    Thanks,
    Mostafa Aly
Reply
  • 0 in reply to BAlfson
    Sorry for the delay!!
    Hi Mostafa

    Could you please post the phase 1 and phase 2 settings and the configuration on both sides?

    Thanks


    kindly find the attached screenshot for the setting as per your request and for all setting in IPsec.

    There's not enough information in the ASG log file. Always begin by posting with NO debugging enabled. Please post the log lines from a single connection attempt.


    kindly find the attached log output as per your request.
    Thanks,
    Mostafa Aly
Children
No Data