Cisco ASA VPN to Cisco Router “MM_WAIT_MSG3”
KB ID 0001531 Problem While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish; NUFC-ASA5516x(config-tunnel-ipsec)# show crypto isa IKEv1 SAs: Active SA: 6 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 6 1 IKE Peer: 1.1.1.1 Type :...
Cisco ASA: Allow VPN Traffic “Through” A Cisco Firewall
KB ID 0001428 Problem I got asked to put in a VPN for a client, this week, it went from a simple site to site, to a site to site with a Fortigate firewall at one end, to a VPN from and ASA to a Fortigate ‘through’ another ASA. It’s been a few years since I had to tunnel ‘through’ a firewall, and experience tells me, if you don’t have control of BOTH ends of a new VPN tunnel, anything that stops...
Cisco ASA Site to Site VPN’sSite to Site ISAKMP VPN (Main Mode)
KB ID 0000213 Problem As with most things, before you have a hope of fixing something, you will stand a better chance if you know how it works in the first place. Below is a quick run though of what’s happening with your site to site VPN’s and how they work. For the entire process we will have two Cisco ASA 5500 firewalls and a site to site VPN. Solution What’s an Initiator and a Responder? 1. Our Laptop 192.168.1.50...