Got it

L2L VPN between cisco asa & USG6300

Created: Mar 26, 2020 21:39:09Latest reply: May 20, 2020 22:49:24 217 9 0 0
  Rewarded HiCoins: 0 (problem resolved)
I am trying to establish l2l vpn between cisco asa version 9.8 & USG6300 V500R001C60SPC500,
WITH NO SUCCESS
  • x
  • convention:

Featured Answers

Recommended answer

Admin Created Mar 27, 2020 07:18:54 Helpful(0) Helpful(0)

Hi,
The following is a general troubleshooting guide.
https://support.huawei.com/onlinetoolsweb/ptmngsys/Web/tsrev_security/en/content/security/34_edesk_ipsec_tunnel_configure_failed_V5R1/edesk_ipsec_tunnel_configure_failed_edesk000.html
If this guide is not used, please collect information and contact TAC for technical support.
Please click http://e.huawei.com/au/service-hotline

View more
  • x
  • convention:

All Answers
user_3769528 Created Mar 26, 2020 21:53:21 Helpful(1) Helpful(1)

I would like to add notes,
I used same configuration L2L VPN, Cisco asa version 8 & USG6300 V500R001C60SPC500,
It's working fine
View more
  • x
  • convention:

chenhui Admin Created Mar 27, 2020 01:43:19 Helpful(1) Helpful(1)

Posted by user_3769528 at 2020-03-26 21:53 I would like to add notes, I used same configuration L2L VPN, Cisco asa version 8 & USG6300 V500R00 ...
Hi,
Does the default setting on ASA version 9.8 and version 8 are the same?
Commonly, the VPN doesn't establish due to the incompatible parameters.
Also, kindly check the ike sa status(if you are using IPSec) and any error logs on the firewall.
View more
  • x
  • convention:

user_3769528 Created Mar 27, 2020 01:52:37 Helpful(0) Helpful(0)

Hello,
Yes i used the configuration in asa v8 & USG6300 & i review it more than one time
Thanks
View more
  • x
  • convention:

Popeye_Wang Admin Created Mar 27, 2020 07:18:54 Helpful(0) Helpful(0)

Hi,
The following is a general troubleshooting guide.
https://support.huawei.com/onlinetoolsweb/ptmngsys/Web/tsrev_security/en/content/security/34_edesk_ipsec_tunnel_configure_failed_V5R1/edesk_ipsec_tunnel_configure_failed_edesk000.html
If this guide is not used, please collect information and contact TAC for technical support.
Please click http://e.huawei.com/au/service-hotline

View more
  • x
  • convention:

Steelblue Created Mar 27, 2020 07:24:19 Helpful(0) Helpful(0)

Since there is no problem with ASA version8, I think you should contact Cisco technical personnel to ask what is the difference between version 8 and 9.8 and then modify the configuration on the ASA.
View more
  • x
  • convention:

ChanTy02
ChanTy02 Created Mar 27, 2020 08:05:28 Helpful(0) Helpful(0)

Posted by chenhui at 2020-03-27 01:43 Hi,Does the default setting on ASA version 9.8 and version 8 are the same?Commonly, the VPN doesn' ...
Thank for your add on... well noted
View more
  • x
  • convention:

ips.sise
ips.sise Created Mar 27, 2020 20:05:17 Helpful(0) Helpful(0)

HI all ,

kindly check bellow configuration
USG6300  

ipsec policy map1 10 isakmp

 security acl 3012

 ike-peer ike263123449214

 proposal prop26312344921

 tunnel local applied-interface

 alias TT

 sa trigger-mode auto

 sa duration traffic-based 5242880

 sa duration time-based 3600

ipsec proposal prop26312344921

 esp authentication-algorithm sha1

 esp encryption-algorithm aes-256


ike proposal 11

 encryption-algorithm aes-256

 dh group21

 authentication-algorithm sha2-256

 sa duration 28800

 authentication-method pre-share

 integrity-algorithm hmac-sha1-96 hmac-md5-96

 prf hmac-sha1 hmac-md5



ike peer ike263123449214

 undo version 1

 exchange-mode auto

 pre-shared-key 123

 ike-proposal 11

 remote-address XX.XX.XX.XX

ASA

crypto ipsec ikev2 ipsec-proposal TT

 protocol esp encryption aes-256

 protocol esp integrity sha-1


crypto ikev2 policy 60

 encryption aes-256

 integrity md5

 group 21

 prf md5

 lifetime seconds 28800


View more
  • x
  • convention:

user_3769528 Created Apr 1, 2020 19:48:44 Helpful(0) Helpful(0)

Hello all,

The issue has been fixed,
It was on isps , there's latency between two public ip addresses,
Thanks for all
View more
  • x
  • convention:

kasamon
kasamon Created May 20, 2020 22:49:24 Helpful(0) Helpful(0)

Thank you
View more
  • x
  • convention:

Comment

Comment
You need to log in to comment to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.