
VPN L2L Tunnel Between ASA5510 and Netscreen

Hi, I've been working on an L2L VPN tunnel between an ASA5510 and a Netscreen SSG for a month now with no success. The Netscreen is the remote VPN device and I have no control over it whatsoever; I was, however, able to obtain its config. I hope someone here can help me with this.

CONFIG FOR NETSCREEN (peer address and pre-shared key masked):

set user-group "IKE-VPN-GROUP" id 4

set user-group "xAuth_VPN_GROUP" id 3

set ike gateway "MAK-DR" address xxx.xxx.xxx.xxx Main outgoing-interface "ethernet0/1" preshare "zzzzzzzzzzzzz" proposal "pre-g2-3des-sha"

set ike respond-bad-spi 1

unset ike ikeid-enumeration

unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000

set ipsec access-session upper-threshold 0

set ipsec access-session lower-threshold 0

set ipsec access-session dead-p2-sa-timeout 0

unset ipsec access-session log-error

unset ipsec access-session info-exch-connected

unset ipsec access-session use-error-log

set xauth lifetime 120

set xauth default ippool "VPN_USERS_POOLS"

set xauth default dns1 10.198.1.1

set xauth default dns2 10.198.1.2

set xauth default wins1 10.198.1.1

set xauth default wins2 10.198.1.2

set vpn "MAK-DR" gateway "MAK-DR" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"

set vpn "MAK-DR" id 11 bind interface tunnel.2

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

exit

set attack db sigpack base

set attack db mode Update

set attack db schedule daily 05:00

set av profile "virus"

exit

set vpn "MAK-DR" proxy-id local-ip 10.198.1.0/24 remote-ip 10.198.2.0/24 "ANY"

set policy id 100 from "Trust" to "Untrust" "10.198.1.0/24" "10.198.2.0/24" "ANY" permit log

set policy id 100

set log session-init

exit

set policy id 99 from "Untrust" to "Trust" "10.198.2.0/24" "10.198.1.0/24" "ANY" permit log

set policy id 99

set log session-init

exit

unset add-default-route

set route 10.198.2.0/24 interface tunnel.2 preference 20

exit

ASA5510 configuration attached in the next post.


Re: VPN L2L Tunnel Between ASA5510 and Netscreen

ASA5510 configuration attached.
