vpn tunnel

suthomas1
Level 6

Hello All,

If ASA (acting as one end peer) is used with a non-Cisco product (Checkpoint, Juniper, Microsoft server) for IPsec purposes, should the ASA be configured to allow any specific rules, like allowing udp port ah, esp from that remote end on the outside?

thanks in advance.

15 Replies

Well, phase 2 policy is completely different between the 2 ends.

Assuming that crypto map 50 is assigned transform-set QWERT, the policy does not match at all.

Your end: 3DES and MD5

The peer end: 3DES, SHA1 and PFS group 2

You can create a new transform-set that has the following:

crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac

Then assign this transform-set to crypto map 50:

crypto map kepp 50 set transform-set 3DES-SHA

crypto map kepp 50 set pfs group2
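
The phase 2 comparison made in the reply above, as an added example that is not part of the original thread: a small Python check that reads the transform-set and crypto map lines from a config and reports where they differ from the peer's proposal. The sample config is constructed from the values quoted in the reply, and the function names are hypothetical.

```python
# Added example: compare an ASA crypto map's phase 2 settings with a peer's.
# Constructed sample of the local config described in the reply:
# crypto map kepp 50 uses transform-set QWERT (3DES + MD5), no PFS.
SAMPLE_CONFIG = """\
crypto ipsec transform-set QWERT esp-3des esp-md5-hmac
crypto map kepp 50 set transform-set QWERT
"""

# The same config after the three commands suggested in the reply.
FIXED_CONFIG = SAMPLE_CONFIG + """\
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map kepp 50 set transform-set 3DES-SHA
crypto map kepp 50 set pfs group2
"""

# Peer's phase 2 proposal as stated in the reply (3DES, SHA1, PFS group 2).
PEER = {"encryption": "3des", "integrity": "sha", "pfs": "group2"}


def parse_phase2(config, map_name, seq):
    """Return encryption, integrity and PFS for one crypto map entry."""
    tsets, chosen, pfs = {}, None, None
    for line in config.splitlines():
        # Newer ASA syntax inserts "ikev1"; drop it so both forms parse.
        tok = [t for t in line.split() if t != "ikev1"]
        if tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) > 4:
            tsets[tok[3]] = tok[4:]
        elif tok[:5] == ["crypto", "map", map_name, str(seq), "set"]:
            if tok[5:6] == ["transform-set"] and len(tok) > 6:
                chosen = tok[6]  # first listed set only; a later line overrides
            elif tok[5:6] == ["pfs"]:
                pfs = tok[6] if len(tok) > 6 else "default"
    result = {"encryption": None, "integrity": None, "pfs": pfs}
    for kw in tsets.get(chosen, []):
        name = kw[4:] if kw.startswith("esp-") else kw
        if name.endswith("-hmac") or name == "none":
            result["integrity"] = name.replace("-hmac", "")
        else:
            result["encryption"] = name
    return result


def mismatches(local, peer):
    """Map each differing setting to (local value, peer value)."""
    return {k: (local[k], v) for k, v in peer.items() if local[k] != v}


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(label, mismatches(parse_phase2(cfg, "kepp", 50), PEER))
```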
