Cisco Cisco ASA 5520 Adaptive Security Appliance Guía Para Resolver Problemas
ip address 10.0.0.2 255.255.255.0
interface GigabitEthernet0/2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
access-list l2l_list extended permit ip host 192.168.2.99
host 191.168.1.1
access-list l2l_list extended permit ip host 192.168.2.99
host 191.168.1.12
crypto map outside_map 1 match address l2l_list
crypto map outside_map 1 set peer 10.0.0.1
crypto map outside_map 1 set ikev2 ipsec-proposal AES256
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
tunnel-group 10.0.0.1 type ipsec-l2l
tunnel-group 10.0.0.1 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
Debugs
ASA1 (Initiator)
Message Description
Debugs
ASA2 (Responder)
Message Description
ASA1 receives a
packet that matches the
crypto acl for peer
ASA 10.0.0.2. Initiates
SA creation.
packet that matches the
crypto acl for peer
ASA 10.0.0.2. Initiates
SA creation.
IKEv2-PLAT-3: attempting to find tunnel
group for IP: 10.0.0.2
IKEv2-PLAT-3: mapped to tunnel group 10.0.0.2
using peer IP
IKEv2-PLAT-3: my_auth_method = 2
IKEv2-PLAT-3: supported_peers_auth_method = 2
IKEv2-PLAT-3: P1 ID = 0
IKEv2-PLAT-3: Translating IKE_ID_AUTO to = 255
IKEv2-PLAT-3: (16) tp_name set to:
IKEv2-PLAT-3: (16) tg_name set to: 10.0.0.2
IKEv2-PLAT-3: (16) tunn grp type set to: L2L
IKEv2-PLAT-5: New ikev2 sa request admitted
IKEv2-PLAT-5: Incrementing outgoing negotiating
sa count by one
IKEv2-PLAT-5: Incrementing outgoing negotiating
sa count by one
The first pair of
messages is the
IKE_SA_INIT
exchange. These
messages negotiate
cryptographic
algorithms, exchange
nonces, and do a
messages is the
IKE_SA_INIT
exchange. These
messages negotiate
cryptographic
algorithms, exchange
nonces, and do a
IKEv2-PROTO-5: (16): SM Trace->
SA: I_SPI=DFA3B583A4369958 R_SPI=0000000000000000 (I)
MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (16): SM Trace->
SA: I_SPI=DFA3B583A4369958 R_SPI=0000000000000000 (I)
MsgID = 00000000 CurState: I_BLD_INIT
Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (16): Getting configured policies
IKEv2-PROTO-5: (16): SM Trace->
SA: I_SPI=DFA3B583A4369958 R_SPI=0000000000000000