Dynamic Site to Site VPN

Unanswered Question
hadbou Thu, 01/10/2008 - 09:59

Refer to Configuring IPSec Between Two PIXes With VPN Client 4.x Access in order to configure Site-to-Site VPN client connection on the same PIX.


On completion, the crypto-map configuration ideally looks like this example:

crypto map VpnTunnel 10 match address 100

crypto map VpnTunnel 10 set peer

!-- This is the LAN-to-LAN tunnel with Lower sequence number, high priority.

crypto map VpnTunnel 10 set transform-set lan2lan

crypto map VpnTunnel 20 ipsec-isakmp dynamic dyn1

!-- This is the dynamic map with higher sequence number, lower priority.

crypto map VpnTunnel interface OutSide
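
An added example, not part of the original post: a small Python check that reads crypto-map lines in the syntax shown above and reports a static LAN-to-LAN entry that lacks a match address, peer or transform set, or that sits behind a dynamic entry with a lower sequence number. The function name and the sample peer address 192.0.2.1 are assumptions made for illustration.

```python
import re

# Constructed sample in the syntax shown above. The peer address is a
# documentation-range placeholder, not a value from the thread.
SAMPLE = """\
crypto map VpnTunnel 10 match address 100
crypto map VpnTunnel 10 set peer 192.0.2.1
!-- LAN-to-LAN tunnel, lower sequence number
crypto map VpnTunnel 10 set transform-set lan2lan
crypto map VpnTunnel 20 ipsec-isakmp dynamic dyn1
crypto map VpnTunnel interface OutSide
"""

# Matches numbered entries only; the "interface" binding has no sequence number.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
REQUIRED = ("match address", "set peer", "set transform-set")


def audit_crypto_map(config):
    """Return findings about static and dynamic entries of each crypto map."""
    static, dynamic = {}, {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # comments, interface binding, unrelated lines
        key, rest = (m.group(1), int(m.group(2))), m.group(3).strip()
        if rest.startswith("ipsec-isakmp dynamic"):
            dynamic[key] = rest.split()[-1]
        else:
            static.setdefault(key, []).append(rest)

    findings = []
    for (name, seq), settings in sorted(static.items()):
        for req in REQUIRED:
            # A bare "set peer" with no address does not count as configured.
            if not any(s.startswith(req + " ") for s in settings):
                findings.append(f"{name} {seq}: missing or empty '{req}'")
        for (dname, dseq) in sorted(dynamic):
            # Lower sequence numbers are matched first, so a dynamic entry
            # below the static one would take the LAN-to-LAN peer's traffic.
            if dname == name and dseq < seq:
                findings.append(f"{name} {seq}: dynamic entry {dseq} is evaluated first")
    return findings


if __name__ == "__main__":
    for finding in audit_crypto_map(SAMPLE) or ["no findings"]:
        print(finding)
```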

gjstem Thu, 01/10/2008 - 16:53

To get this to work on the ASA you need to set the pre-shared key on the L2L base group which does not require a peer address. This behavior resembles what you would have had to do on a VPN concentrator.

To see the base group:

show run all

