Cisco Support Community

New Member

ASA to Juniper, 2nd VPN

I need to create a 2nd site to site VPN to a JUNIPER device.

Here is the existing VPN config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 20 match address Outside_20_cryptomap
crypto map Outside_map 20 set peer
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *


What I want to add: I think!


Access-list public remark for HABAND site to site VPN
Access-list public extended permit ip 163.x.x.0
Crypto ipsec transform-set mine esp-3des esp-sha-hmac
Crypto map Outside-map 10 ipsec-isakmp
Crypto map Outside-map 10 match address 105
Crypto map Outside-map 10 set peer
Crypto map Outside-map 10 set transform-set nsset
Crypto map Outside-map interface Outside
Crypto Isakmp enable Outside
Crypto isakmp policy 15
Isakmp key ****
address Netmask
authentication pre share
encryption 3des
hash sha
group 1
lifetime 28800
static (Inside,Outside) netmask


1st, do I just need the 2nd policy because the interface is already defined?

I have a NAT statement, but I really want PAT, is it still OK?
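
A consistency check for the kind of crypto map configuration posted above, as an added example that is not part of the original thread: it flags crypto map entries that reference an access-list or transform-set the configuration never defines, more than one crypto map name bound to the same interface (an ASA interface takes a single crypto map), and Diffie-Hellman group 1. The function name `lint`, the sample text and the `Outside_20_cryptomap` access-list line are constructed for illustration.

```python
# Added example: reference-integrity lint for ASA crypto map configuration.
# Constructed sample: lines from the thread with redacted values left out; the
# definition of access-list Outside_20_cryptomap is invented so that entry resolves.
SAMPLE = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
access-list Outside_20_cryptomap extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map Outside_map 20 match address Outside_20_cryptomap
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
Access-list public extended permit ip 163.x.x.0
Crypto ipsec transform-set mine esp-3des esp-sha-hmac
Crypto map Outside-map 10 ipsec-isakmp
Crypto map Outside-map 10 match address 105
Crypto map Outside-map 10 set transform-set nsset
Crypto map Outside-map interface Outside
Crypto isakmp policy 15
group 1
"""

def lint(config):
    """Return a list of findings; keywords match case-insensitively, names exactly."""
    acls, tsets, refs, bound, findings = set(), set(), [], {}, []
    for line in config.splitlines():
        tok = line.split()
        kw = [t.lower() for t in tok]
        if kw[:1] == ["access-list"] and len(tok) > 1:
            acls.add(tok[1])                      # ACL definition
        elif kw[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) > 3:
            tsets.add(tok[3])                     # transform-set definition
        elif kw[:2] == ["crypto", "map"] and len(tok) >= 5:
            if kw[3] == "interface":              # crypto map <name> interface <if>
                bound.setdefault(tok[4], set()).add(tok[2])
            elif kw[4:6] == ["match", "address"] and len(tok) > 6:
                refs.append(("access-list", tok[6], tok[2], tok[3]))
            elif kw[4:6] == ["set", "transform-set"]:
                refs += [("transform-set", t, tok[2], tok[3]) for t in tok[6:]]
        elif kw == ["group", "1"]:
            findings.append("weak: Diffie-Hellman group 1 (768-bit)")
    for kind, name, cmap, seq in refs:            # resolve after all definitions are read
        if name not in (acls if kind == "access-list" else tsets):
            findings.append(f"undefined {kind} '{name}' in {cmap} {seq}")
    for ifc, maps in bound.items():
        if len(maps) > 1:
            findings.append(f"interface {ifc}: multiple crypto maps {sorted(maps)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
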

New Member

Re: ASA to Juniper, 2nd VPN

OK, I think I have most of it now.

But here is my question.

If my public ip is

and I want to PAT through it, what is the command?