cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
308
Views
0
Helpful
1
Replies

Dynamic IPsec Between a Static ASA Hub and Dynamic ASA Spoke

LOUIS BOUCHARD
Level 1
Level 1

anyone can give me an hint on the sample configuration for both hob and spoke.

I have found what I need between and ASA hub and IOS spoke

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

but I also need between two ASAs

1 Reply 1

acomiskey
Level 10
Level 10

The easiest way I found to accomplish this is to use the DefaultL2LGroup on the hub ASA. On the spoke ASA you will use a tunnel group equal to the ip of the hub ASA. Post your configs if you need a hand.

Hub ASA

tunnel-group DefaultL2LGroup ipsec-attributes

pre-shared-key *

Spoke ASA

tunnel-group ipsec-attributes

pre-shared-key *

Configure the rest the same way you would any other L2L tunnel.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: