VPN Phase-2 down?


Hi Everyone,


Consider a scenario that site to site vpn tunnel is build between two ASA's, Phase -1 is up and it shows MM_Active but the issue is with Phase -2

apart from checking transform set parameters on both ASA's, please let me know what are all other troubleshooting steps to follow to make Phase -2  UP.

Thanks in Advance.


- Arjun

  • Total 1 Answer
  • 1865
Can You answer this question?

On ASA VPN is pain sometimes -;

1)For Phase 2

Please check intresting traffic ACL on both ends.

2)IF CA is used for authentiation

Please check peer id related issues.

Trustpoint should be defined.

If error is peer id certificate validation failed in that case you have to run

no ignore ipsec-keyusage under crypto ca truspoint configuration.


Please share the error you are getting .