Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA to Juniper, 2nd VPN

I need to create a 2nd site to site VPN to a JUNIPER device.

Here is the existing VPN config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map Outside_map 20 match address Outside_20_cryptomap

crypto map Outside_map 20 set peer 121.47.181.205

crypto map Outside_map 20 set transform-set ESP-3DES-SHA

crypto map Outside_map interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group 121.47.181.205 type ipsec-l2l

tunnel-group 121.47.181.205 ipsec-attributes

pre-shared-key *

+++++++++++++++++++++++++++++++++++++

what I want to add: I think!

+++++++++++++++++++++++++++++++++++++

Access-list public remark for HABAND site to site VPN

Access-list public extended permit ip 163.x.x.0 255.255.255.0 10.16.0.0 255.255.0.0

Crypto ipsec transform-set mine esp-3des esp-sha-hmac

Crypto map Outside-map 10 ipsec-isakmp

Crypto map Outside-map 10 match address 105

Crypto map Outside-map 10 set peer 163.48.20.198

Crypto map Outside-map 10 set transform-set nsset

Crypto map Outside-map interface Outside

Crypto Isakmp enable Outside

Crypto isakmp policy 15

Isakmp kkey ****

address 163.48.20.98 Netmask 255.255.255.255

authentication pre share

encryption 3des

hash sha

group 1

lifetime 28800

static (Inside,Outside) 121.129.231.42 10.16.0.0 netmask 255.255.0.0

========================================

1st, do I just need the 2nd policy because the interface is already defined?

I have a NAT statment, but I really want PAT, is it still ok?

1 REPLY
New Member

Re: ASA to Juniper, 2nd VPN

Ok, I tink I have most of it now.

but here is my question.

If my public ip is 1.1.1.1

and I want to PAT 2.2.0.0 through it, what is the command?

167
Views
0
Helpful
1
Replies