I am trying to set up VPN access for some external users. I am new to this and am a bit confused about the crypto map 'name' set peer command. What is the peer? Is this the remote user coming in? If so, how would I specify a subnet rather than an individual IP?
To provide VPN access for external clients, you should normally use the "Dynamic-Maps" instead of static ones. "set peer" is used for static maps, in which you know the IP addresses for the remote end, which won't be possible in your scenario.
A peer is the end-point of a VPN secure connection. It could be a router or a PIX. There are 2 things that need to be clarified. First, you can use dynamic crypto maps when you don't know the peer IP address of a mobile user but the mobile peer knows its peer IP address. This happens when an HQ site end router is trying to establish a VPN with a mobile user.
The second thing is, if you want a set of external hosts (all in the same subnet) to establish a VPN to your site, then put them behind a PIX or a high-end router like a 72xx and initiate a VPN connection from the PIX/72xx to your site.
Note that in both cases, your site end router/PIX should use a dynamic crypto map and the external hosts (who can be mobile, i.e., they can have different IP addresses at different times) should use a static crypto map. If the external host(s) is/are static with a constant global IP address, then use a static crypto map.
Let me know if you need a sample scenario and config.
I would love a sample scenario using the dynamic crypto map. I have one configured for my mobile users. I am a newbie and haven't gotten to the docs yet on the dynamic setup so that would be wonderful.
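A sketch of the arrangement described in the replies above, added here as an example and not posted by anyone in this thread: the HQ router uses a dynamic crypto map, and the remote router uses a static crypto map with "set peer". The addresses, map names, ACL number and key placeholder are all constructed, and the algorithm keywords assume an IOS release that supports them.

```cisco
! ===== HQ router: the remote peer's address is not known in advance =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard key: every remote shares it and any source address may try it.
! Use a long random value; certificate authentication avoids the shared secret.
crypto isakmp key <PLACEHOLDER-PSK> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
!
! No "set peer" here: the entry is completed when a remote initiates.
crypto dynamic-map DYN-REMOTE 10
 set transform-set TS-AES
!
! Reference the dynamic map at a high sequence number so that any
! static entries in the same crypto map are evaluated first.
crypto map HUB-MAP 65000 ipsec-isakmp dynamic DYN-REMOTE
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map HUB-MAP
!
! ===== Remote router: its own address may change, HQ's does not =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PLACEHOLDER-PSK> address 203.0.113.1
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
!
! The subnets to protect are given by the crypto ACL, not by "set peer".
access-list 110 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
crypto map REMOTE-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES
 match address 110
!
interface GigabitEthernet0/0
 ip address dhcp
 crypto map REMOTE-MAP
```

With this layout only the remote side can bring the tunnel up, since the HQ router has no peer address to initiate toward.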