@networknerd I will check out the blog as well thank you. Btw: just to give you an update, I had to do 2 more things to get a stable tunnel and that is set the 2nd Phase Lifetime to be lower than the Phase 1 and remove other encryption policies on the ASA. For example, I used for Phase One 3DES, SHA, DH Group 2 and Lifetime 86400 and for Phase 2 I used AES192, SHA, PFS Off and Lifetime 28800. On the ASA side, I disabled the IKev2 and for the Encryption Policy I only left enabled what you see above, plus obviously matched the time to 28800. I got stable tunnel then. Before these changes the tunnel kept dropping.

Hi NetworkNerd,

I SIMPLY HAD TO create an account to say BIG THANK YOU for putting this together, so thoroughly and being so pedantic about details (just like me) with all information that one could possibly need. It saved my "bacon" two days ago when setting up S2S VPN between MX84 and ASA5510. I couldn't work out why it doesn't sync. Without your KB I'd have to reschedule an important project so again, thank you. I can only hope you got more of these coming.