Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dynamic IPsec Between a Static ASA Hub and Dynamic ASA Spoke

anyone can give me an hint on the sample configuration for both hob and spoke.

I have found what I need between and ASA hub and IOS spoke

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

but I also need between two ASAs

1 REPLY
Green

Re: Dynamic IPsec Between a Static ASA Hub and Dynamic ASA Spoke

The easiest way I found to accomplish this is to use the DefaultL2LGroup on the hub ASA. On the spoke ASA you will use a tunnel group equal to the ip of the hub ASA. Post your configs if you need a hand.

Hub ASA

tunnel-group DefaultL2LGroup ipsec-attributes

pre-shared-key *

Spoke ASA

tunnel-group ipsec-attributes

pre-shared-key *

Configure the rest the same way you would any other L2L tunnel.

149
Views
0
Helpful
1
Replies
CreatePlease to create content