ASA to Juniper, 2nd VPN

Unanswered Question
Nov 5th, 2007
User Badges:

I need to create a 2nd site to site VPN to a JUNIPER device.

Here is the existing VPN config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map Outside_map 20 match address Outside_20_cryptomap

crypto map Outside_map 20 set peer

crypto map Outside_map 20 set transform-set ESP-3DES-SHA

crypto map Outside_map interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key *


what I want to add: I think!


Access-list public remark for HABAND site to site VPN

Access-list public extended permit ip 163.x.x.0

Crypto ipsec transform-set mine esp-3des esp-sha-hmac

Crypto map Outside-map 10 ipsec-isakmp

Crypto map Outside-map 10 match address 105

Crypto map Outside-map 10 set peer

Crypto map Outside-map 10 set transform-set nsset

Crypto map Outside-map interface Outside

Crypto Isakmp enable Outside

Crypto isakmp policy 15

Isakmp kkey ****

address Netmask

authentication pre share

encryption 3des

hash sha

group 1

lifetime 28800

static (Inside,Outside) netmask


1st, do I just need the 2nd policy because the interface is already defined?

I have a NAT statment, but I really want PAT, is it still ok?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
slotking22 Wed, 11/07/2007 - 08:24
User Badges:

Ok, I tink I have most of it now.

but here is my question.

If my public ip is

and I want to PAT through it, what is the command?


This Discussion