A Cisco ASA router initiates an IPSEC VPN tunnel to a Palo Alto Networks firewall. The tunnel drops and the Palo Alto tries to re-initiate and fails. If the ASA initiates the tunnel, traffic will pass.

By default the Cisco ASA router will terminate an idle session, regardless of the re-key timer on the tunnel. A tear down message may or may not be sent to the receiving host, in this case a Palo Alto Networks firewall. If the VPN tunnel is initiated by the Cisco device after the timeout, it will create a new tunnel and traffic will pass without issue.

I have a new RV042 v03 with 4.0.0.07 firmware. It's the gateway router at a client with a static IP address. I'm trying to configure a VPN tunnel so that they can access office resources from "road-warrior"-type situations (laptop at home or elsewhere). I have two problems:

1) (less important) I cannot log into the router's interface from Safari 5.0.x. After logging in to the router, I'm kicked back out to the login prompt. It seems to work fine from Firefox 4.

2) This is the real issue - I cannot get a VPN GroupVPN (or Client to Gateway, for that matter) connection working with IPSecuritas on the Mac. On the client side, I get the following errors:

Here are the VPN messages from the router (shortened to remove duplicate messages). From the remote side, I'm going through an Apple Airport Extreme, which should passthrough IPSec traffic just fine. (The connecting IP address is dynamic, so I haven't obscured it.)

VPN Log packet from 74.66.69.139:500: received Vendor ID payload ]
VPN Log packet from 74.66.69.139:500: > Responder Send Aggressive Mode 2nd packet
74.66.69.139=? #70: packet rejected: should have been encrypted
74.66.69.139=? #70: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA
74.66.69.139=? #70: encrypted Informational Exchange message is invalid because no key is known

NOTE: I CAN successfully connect to this tunnel using VPN Tracker 6, but if I can get IPSecuritas working, I'd rather use that.

Router VPN (this is in dual-WAN mode, but only has one active WAN connection at WAN1):
Phase 2: Group 2 (1024) / 3DES / SHA1 / 3600 secs
Advanced: Aggressive mode, Keep-alive are ON.

Remote device: x.x.x.x (correctly set to router static IP).
Local: Endpoint is host, IP address blank
Exchange: Aggressive, Proposal: Claim (have also tried Obey and Check)
Preshared key is set and identical to that on router.
Options - IPSec DOI, SIT_IDENTITY_ONLY, Initial Contact, Generate Policy, Support Proxy are ON
(I've also tried changing these options, without success so far).

Here are the VPN Tracker settings, which DO work:
Gateway: x.x.x.x (correct router address)
INITIAL-CONTACT is off ("On" also works.)

Now, I've used an older Linksys-branded RV042 (with 1.3.12) and have successfully connected with IPSecuritas using GroupVPN.

Can anyone offer any help or suggestions? Will provide more info if required.