VPN L2L Tunnel Between ASA5510 and Netscreen

Jan 30th, 2009

Hi, I've been working on a VPN L2L tunnel between an ASA5510 and a Netscreen SSG for a month now with no success. The Netscreen is the remote VPN device and I have no control whatsoever over it; I was, however, able to obtain its configuration (shown below, with the peer address and preshared key redacted). Hope someone here can help me with this.


set user-group "IKE-VPN-GROUP" id 4

set user-group "xAuth_VPN_GROUP" id 3

set ike gateway "MAK-DR" address xxx.xxx.xxx.xxx Main outgoing-interface "ethernet0/1" preshare "zzzzzzzzzzzzz" proposal "pre-g2-3des-sha"

set ike respond-bad-spi 1

unset ike ikeid-enumeration

unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000

set ipsec access-session upper-threshold 0

set ipsec access-session lower-threshold 0

set ipsec access-session dead-p2-sa-timeout 0

unset ipsec access-session log-error

unset ipsec access-session info-exch-connected

unset ipsec access-session use-error-log

set xauth lifetime 120

set xauth default ippool "VPN_USERS_POOLS"

set xauth default dns1

set xauth default dns2

set xauth default wins1

set xauth default wins2

set vpn "MAK-DR" gateway "MAK-DR" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"

set vpn "MAK-DR" id 11 bind interface tunnel.2

set vrouter "untrust-vr"


set vrouter "trust-vr"


set attack db sigpack base

set attack db mode Update

set attack db schedule daily 05:00

set av profile "virus"


set vpn "MAK-DR" proxy-id local-ip remote-ip "ANY"

set policy id 100 from "Trust" to "Untrust" "" "" "ANY" permit log

set policy id 100

set log session-init


set policy id 99 from "Untrust" to "Trust" "" "" "ANY" permit log

set policy id 99

set log session-init


unset add-default-route

set route interface tunnel.2 preference 20


The ASA5510 configuration is attached in the next post.

