How to configure one way VPN tunnel on the PIX/ASA
If you set up the PIX/ASA at the main site to initiate the VPN tunnel to the remote site, only the main site should be able to initiate the tunnel. The remote site should not be able to initiate the VPN connection.
To have the VPN tunnel initiated from only one end, configure the head end of the connection as originate-only with the originate-only keyword in the crypto map entry, and the remote end with the answer-only keyword.
Refer to this crypto map configuration example on the main site:
crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer 10.10.10.1
crypto map outside_map 20 set connection-type originate-only
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
For the remote site:
crypto map vpn_map 20 match address 101
crypto map vpn_map 20 set peer 10.10.20.20
crypto map vpn_map 20 set connection-type answer-only
crypto map vpn_map 20 set transform-set ESP-AES-256-SHA
crypto map vpn_map interface outside
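A one-way tunnel only holds if both ends keep their roles, so the following added example (not part of the original article or of any Cisco tool) audits the two configurations above for that pairing. The function names are hypothetical, the sample text is constructed from the entries on this page, and an entry with no connection-type line is assumed to be bidirectional.

```python
import re

# Constructed sample inputs: the two crypto map entries shown on this page.
MAIN_SITE = """\
crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer 10.10.10.1
crypto map outside_map 20 set connection-type originate-only
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
"""
REMOTE_SITE = """\
crypto map vpn_map 20 match address 101
crypto map vpn_map 20 set peer 10.10.20.20
crypto map vpn_map 20 set connection-type answer-only
crypto map vpn_map 20 set transform-set ESP-AES-256-SHA
crypto map vpn_map interface outside
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (match address|set \S+) (.+)$")

def parse_crypto_map(config):
    """Return {(map_name, seq): {setting: value}} for crypto map entry lines."""
    entries = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            name, seq, key, value = m.groups()
            key = key.replace("set ", "")
            entries.setdefault((name, int(seq)), {})[key] = value.strip()
    return entries

def audit_one_way(head_cfg, remote_cfg, head_peer, remote_peer):
    """List findings that break the one-way design; empty list means consistent."""
    findings = []
    for site, cfg, peer, want in (("head", head_cfg, head_peer, "originate-only"),
                                  ("remote", remote_cfg, remote_peer, "answer-only")):
        matches = [e for e in parse_crypto_map(cfg).values() if e.get("peer") == peer]
        if not matches:
            findings.append(f"{site}: no crypto map entry for peer {peer}")
        for e in matches:
            # Assumption: no connection-type line means the entry is bidirectional.
            got = e.get("connection-type", "bidirectional")
            if got != want:
                findings.append(f"{site}: connection-type is {got}, expected {want}")
    return findings
```

Calling audit_one_way(MAIN_SITE, REMOTE_SITE, "10.10.10.1", "10.10.20.20") returns an empty list for the configurations on this page; removing the connection-type line from either side produces a finding.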