ASA to Juniper, 2nd VPN

slotking22
Level 1

I need to create a 2nd site to site VPN to a JUNIPER device.

Here is the existing VPN config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 20 match address Outside_20_cryptomap
crypto map Outside_map 20 set peer 121.47.181.205
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 121.47.181.205 type ipsec-l2l
tunnel-group 121.47.181.205 ipsec-attributes
pre-shared-key *

+++++++++++++++++++++++++++++++++++++

What I want to add: I think!

+++++++++++++++++++++++++++++++++++++

Access-list public remark for HABAND site to site VPN
Access-list public extended permit ip 163.x.x.0 255.255.255.0 10.16.0.0 255.255.0.0
Crypto ipsec transform-set mine esp-3des esp-sha-hmac
Crypto map Outside-map 10 ipsec-isakmp
Crypto map Outside-map 10 match address 105
Crypto map Outside-map 10 set peer 163.48.20.198
Crypto map Outside-map 10 set transform-set nsset
Crypto map Outside-map interface Outside
Crypto Isakmp enable Outside
Crypto isakmp policy 15
Isakmp kkey ****
address 163.48.20.98 Netmask 255.255.255.255
authentication pre share
encryption 3des
hash sha
group 1
lifetime 28800
static (Inside,Outside) 121.129.231.42 10.16.0.0 netmask 255.255.0.0

========================================

1st, do I just need the 2nd policy because the interface is already defined?

I have a NAT statement, but I really want PAT, is it still ok?

1 Reply

slotking22
Level 1

Ok, I think I have most of it now.

But here is my question.

If my public ip is 1.1.1.1

and I want to PAT 2.2.0.0 through it, what is the command?
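
An added example, not part of the original posts and not Cisco tooling: a small Python check that cross-references each crypto map entry against the access lists and transform sets defined in the same configuration, and reports an interface that has more than one crypto map applied (an ASA interface takes only one crypto map set). The function name `lint_crypto_maps` and the sample, a constructed subset of the lines posted in the first message, are this example's own.

```python
from collections import defaultdict

# Constructed sample: a subset of the lines posted above (the existing tunnel
# plus the proposed additions). Names are kept exactly as posted.
SAMPLE = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
Access-list public extended permit ip 163.x.x.0 255.255.255.0 10.16.0.0 255.255.0.0
Crypto ipsec transform-set mine esp-3des esp-sha-hmac
Crypto map Outside-map 10 match address 105
Crypto map Outside-map 10 set transform-set nsset
Crypto map Outside-map interface Outside
"""

def lint_crypto_maps(config):
    """Return a list of findings about crypto map references in an ASA config."""
    acls, tsets = set(), set()
    refs = []                      # (map name, sequence, kind, referenced name)
    bound = defaultdict(list)      # interface -> crypto map names applied to it
    for raw in config.splitlines():
        w = raw.split()
        kw = [x.lower() for x in w]    # keywords are matched case-insensitively
        if kw[:1] == ["access-list"] and len(w) > 1:
            acls.add(w[1])
        elif kw[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
        elif kw[:2] == ["crypto", "map"] and len(w) >= 5:
            if kw[3] == "interface":
                bound[w[4]].append(w[2])
            elif kw[4:6] == ["match", "address"] and len(w) > 6:
                refs.append((w[2], w[3], "access-list", w[6]))
            elif kw[4:6] == ["set", "transform-set"]:
                refs += [(w[2], w[3], "transform-set", n) for n in w[6:]]
    findings = []
    for cmap, seq, kind, name in refs:
        defined = acls if kind == "access-list" else tsets
        if name not in defined:
            findings.append(f"{cmap} {seq}: {kind} '{name}' is not defined")
    for iface, maps in bound.items():
        if len(set(maps)) > 1:     # only one crypto map set per interface
            findings.append(f"interface {iface}: more than one crypto map applied: {', '.join(maps)}")
    return findings

if __name__ == "__main__":
    for finding in lint_crypto_maps(SAMPLE):
        print(finding)
```

The check only covers name references; it does not validate peer addresses, ISAKMP policy parameters or NAT statements.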