08-11-2008 12:02 PM - edited 02-21-2020 03:53 PM
is it possible to create a vpn tunnel using a pre-defined criteria? in the ASA 5505, IOS Version 8.0(3).
regards.
08-11-2008 11:06 PM
Hi,
On the ASA the VPN tunnels are created by matching a specific access-list (source, destination, ports).
Can you elaborate a bit what you are trying to achieve?
Regards,
Daniel
08-12-2008 06:42 AM
Hi Daniel,
I'have a IP phone in a remote site, but the generated packets created from the remote site using the IP phone did NOT create the VPN tunnel, only the packets generated by the PING command... any ideias?
regards.
08-12-2008 11:37 AM
Can you post your configs? Specially the Crypto ACL?
Cisco IP Phone (SCCP /SIP what protocol?)
Regards
Farrukh
08-12-2008 12:46 PM
hi
my settings
ipsec - site A
crypto map outside_map 2 match address outside_cryptomap
crypto map outside_map 2 set peer 201.10.10.10
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
acl - site A
access-list outside_cryptomap extended permit ip 10.0.2.0 255.255.255.0 10.0.1.0 255.255.255.0
ipsec - site B
crypto map outside_map0 2 match address outside_cryptomap_1
crypto map outside_map0 2 set peer 202.10.10.10
crypto map outside_map0 2 set transform-set ESP-3DES-SHA
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
acl - site B
access-list outside_cryptomap_1 extended permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
The protocol is H323.
regards.
08-12-2008 06:21 PM
Configuration seems OK. Do the following;
debug crypto isakmp 127
debug crypto engine
And then the following (on both sides)
clear crypto isakmp sa
clear crypto ipsec sa
Then initiate the voice traffic and see if VPN kicks in.
Is there any NAT? how is the NAT 0 config look like?
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: