Site to Site with Cisco ASA
- From: "Flip" <phil.atkinson@xxxxxxxxxx>
- Date: Thu, 27 Nov 2008 16:01:24 -0400
I am at the remote office (ISA 2004) and the ASA is at the main office. I
created a new network called Main Office containing addresses
10.xx.xx.xx/16, 169.xx.xx.xx/22, 192.xx.xx.xx/24. I am utilizing an IPSec
connection with Phase 1 settings as follows:
3DES
SHA1
DH Group 2
Authenticate and generate key every 86400 seconds.
Phase 2
3DES
SHA1
Generate a new key every 4608000 KB, 28800 seconds
PFS
DH Group 2
And I am using a pre-shared key for authentication.
The Cisco ASA is configured in the same manner.
The network rule is:
route - main office, internal - main office, internal.
The firewall policy rules are:
main office to remote - allow all outbound traffic from main office to
internal, local host - all users
remote to main office - allow all outbound traffic from internal, local
host to main office - all users
The connection gets created but is not stable. It seems to drop quite
frequently. While monitoring IKE Client and IKE server protocols I catch "A
connection was gracefully closed in an orderly shutdown process with a
three-way FIN-initiated handshake." quite frequently around the same time
that the drop occurs. Does anyone have any ideas?