ASA to Juniper, 2nd VPN

Unanswered Question
Nov 5th, 2007
User Badges:

I need to create a 2nd site to site VPN to a JUNIPER device.


Here is the existing VPN config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map Outside_map 20 match address Outside_20_cryptomap

crypto map Outside_map 20 set peer 121.47.181.205

crypto map Outside_map 20 set transform-set ESP-3DES-SHA

crypto map Outside_map interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group 121.47.181.205 type ipsec-l2l

tunnel-group 121.47.181.205 ipsec-attributes

pre-shared-key *


+++++++++++++++++++++++++++++++++++++


what I want to add: I think!


+++++++++++++++++++++++++++++++++++++


Access-list public remark for HABAND site to site VPN

Access-list public extended permit ip 163.x.x.0 255.255.255.0 10.16.0.0 255.255.0.0

Crypto ipsec transform-set mine esp-3des esp-sha-hmac

Crypto map Outside-map 10 ipsec-isakmp

Crypto map Outside-map 10 match address 105

Crypto map Outside-map 10 set peer 163.48.20.198

Crypto map Outside-map 10 set transform-set nsset

Crypto map Outside-map interface Outside

Crypto Isakmp enable Outside

Crypto isakmp policy 15

Isakmp kkey ****

address 163.48.20.98 Netmask 255.255.255.255

authentication pre share

encryption 3des

hash sha

group 1

lifetime 28800

static (Inside,Outside) 121.129.231.42 10.16.0.0 netmask 255.255.0.0


========================================

1st, do I just need the 2nd policy because the interface is already defined?


I have a NAT statment, but I really want PAT, is it still ok?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
slotking22 Wed, 11/07/2007 - 08:24
User Badges:

Ok, I tink I have most of it now.


but here is my question.


If my public ip is 1.1.1.1

and I want to PAT 2.2.0.0 through it, what is the command?

Actions

This Discussion