Phase 2: Group 2 (1024) / 3DES / SHA1 / 3600 secsĪdvanced: Aggressive mode, Keep-alive are ON. Local: Endpoint is host, IP address blankĮxchange: Aggressive, Proposal: Claim (have also tried Obey and Check) Remote device: x.x.x.x (correctly set to router static IP). Options - IPSec DOI, SIT_IDENTITY_ONLY, Initial Contact, Generate Policy, Support Proxy are ON Preshared key is set and identical to that on router. INITIAL-CONTACT is off ("On" also works.) Gateway: x.x.x.x (correct router address) Here are the VPN Tracker settings, which DO work: (I've also tried changing these options, without success so far). Now, I've used an older Linksys-branded RV042 (with 1.3.12) and have successfully connected with IPSecuritas using GroupVPN.Ĭan anyone offer any help or suggestions? Will provide more info if required.A Cisco ASA router initiates an IPSEC VPN tunnel to a Palo Alto Networks firewall. The tunnel drops and the Palo Alto tries to re-initiate and fails. If the ASA initiates the tunnel, traffic will pass.īy default the Cisco ASA router will terminate an idle session, regardless of the re-key timer on the tunnel.
If the VPN tunnel is initiated by the Cisco device after the timeout, it will create a new tunnel and traffic will pass without issue.Ī tear down message may or may not be sent to the receiving host, in this case a Palo Alto Networks firewall.
0 kommentar(er)
