Multiple Mode ASA 5510 - VPN?

Unanswered Question
Feb 14th, 2008


I'm trying to set up a 5510 in multiple mode and cannot see to get it to recognise any VPN or IPSEC commands or configuration at all. I'm doing it through the CLI.

Am I correct in trying to configure it under a particular context?

sample config bits are as follows:

group-policy GWUK_Birm_HO internal

group-policy GWUK_Birm_HO attributes

dns-server value xx.xx.xx.xx

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value GW_HO_USERS_VPN

address-pools value GWPOOL

username paxxxrd password VuW157xxxxxNdMC encrypted privilege 0

username patgxxard attributes

vpn-group-policy GWUK_Birm_HO

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto dynamic-map Cogent_INT_dyn_map 20 set pfs

crypto dynamic-map Cogent_INT_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map Cogent_INT_map 20 set pfs

crypto map Cogent_INT_map 20 set peer 2x.xx.xx.10

crypto isakmp identity address

crypto isakmp enable Cogent_INT

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

tunnel-group GWUK_Birm_HO type ipsec-ra

tunnel-group GWUK_Birm_HO general-attributes

address-pool GWPOOL

default-group-policy GWUK_Birm_HO

errors are as follows:

GS-ASA/CTX1(config)# tunnel-group GWUK_Birm_HO type ipsec-ra


ERROR: % Invalid input detected at '^' marker.

Can anyone help me here. Please don't tell me that ASA doesn't do VPNs in Multiple mode......

Show ver output:

GS-ASA/CTX1# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(3) <context>

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

GS-ASA up 15 days 3 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 001d.a29a.6d80, irq 9

1: Ext: Ethernet0/1 : address is 001d.a29a.6d81, irq 9

2: Ext: Ethernet0/2 : address is 001d.a29a.6d82, irq 9

3: Ext: Ethernet0/3 : address is 001d.a29a.6d83, irq 9

4: Ext: Management0/0 : address is 001d.a29a.6d84, irq 11

5: Int: Not used : irq 11

6: Int: Not used : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 250

WebVPN Peers : 2

This platform has an ASA 5510 Security Plus license.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)


This Discussion