Dynamic Site to Site VPN

hadbou Thu, 01/10/2008 - 09:59

Refer to Configuring IPSec Between Two PIXes With VPN Client 4.x Access in order to configure Site-to-Site VPN client connection on the same PIX.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800948b8.shtml


On completion, the crypto-map configuration ideally looks like this example:

crypto map VpnTunnel 10 match address 100
crypto map VpnTunnel 10 set peer 70.70.70.70
!-- This is the LAN-to-LAN tunnel with lower sequence number, high priority.
crypto map VpnTunnel 10 set transform-set lan2lan
crypto map VpnTunnel 20 ipsec-isakmp dynamic dyn1
!-- This is the dynamic map with higher sequence number, lower priority.
crypto map VpnTunnel interface OutSide
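
Added example, not part of the original posts or of the Cisco document: a small Python check for the ordering rule stated in the comments above, that the static LAN-to-LAN entry carries a lower sequence number than the dynamic map. The function names and the second sample are constructed for illustration.

```python
import re

# Constructed sample 1: the crypto-map lines quoted in the post above.
SAMPLE_OK = """\
crypto map VpnTunnel 10 match address 100
crypto map VpnTunnel 10 set peer 70.70.70.70
crypto map VpnTunnel 10 set transform-set lan2lan
crypto map VpnTunnel 20 ipsec-isakmp dynamic dyn1
crypto map VpnTunnel interface OutSide
"""
# Constructed sample 2: same map, but the dynamic entry is given sequence 5.
SAMPLE_BAD = SAMPLE_OK.replace("VpnTunnel 20 ipsec", "VpnTunnel 5 ipsec")

# Matches numbered entries only; "crypto map <name> interface <if>" has no number.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")

def parse_crypto_maps(config):
    """Return {map_name: {sequence: 'static' | 'dynamic'}}."""
    maps = {}
    for raw in config.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # blank lines, "!" comments, interface bindings, other config
        name, seq, rest = match.group(1), int(match.group(2)), match.group(3)
        entries = maps.setdefault(name, {})
        if re.match(r"ipsec-isakmp dynamic \S+", rest):
            entries[seq] = "dynamic"
        else:
            entries.setdefault(seq, "static")
    return maps

def audit_order(config):
    """Flag static entries whose sequence number is higher than a dynamic entry's."""
    findings = []
    for name, entries in parse_crypto_maps(config).items():
        dynamic = [s for s, kind in entries.items() if kind == "dynamic"]
        if not dynamic:
            continue
        first_dynamic = min(dynamic)
        for seq in sorted(s for s, k in entries.items() if k == "static" and s > first_dynamic):
            findings.append(f"{name}: static entry {seq} is after dynamic entry {first_dynamic}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("thread config", SAMPLE_OK), ("reordered", SAMPLE_BAD)):
        print(label, "->", audit_order(cfg) or "ordering OK")
```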


gjstem Thu, 01/10/2008 - 16:53


To get this to work on the ASA you need to set the pre-shared key on the L2L base group, which does not require a peer address. This behavior resembles what you would have had to do on a VPN concentrator.


To see the base group:


show run all
