The Cisco document states that the IPSec L2L tunnels require static IP addressing on each end -
tunnel-group 172.17.1.1 type ipsec-l2l
!--- In order to create and manage the database of connection-specific
!--- records for ipsec-l2l—IPsec (LAN-to-LAN) tunnels, use the command
!--- tunnel-group in global configuration mode.
!--- For L2L connections the name of the tunnel group MUST be the IP
!--- address of the IPsec peer.
tunnel-group 172.17.1.1 ipsec-attributes
!--- Enter the pre-shared-key in order to configure the
!--- authentication method.
I asked the vendor for the CME equipment about just using EasyVPN in NEM mode, since I know that would route networks, but he said that won't work for multiple subnets behind routers behind the VPN-endpoints.
Is it in fact possible to establish an IPSec L2L VPN tunnel between an ASA with a fixed IP and a remote 29XX router
with a dynamic IP address, and route several subnets over that link?
I can post bits of config, but some of this is proprietary to that vendor, so I can't post entire configs.
One thing you should do is to open IPSec pass-through inspection on the ASA and set up one-to-one NAT (if NAT control is enabled); otherwise, just open an ACL on the outside interface to allow traffic from the remote ASA to the LOCAL Router on ESP, ISAKMP and NAT-T.
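
A sketch of the ASA configuration the reply above describes, added here as an example and not taken from the thread or from Cisco's document. It assumes pre-8.3 ASA syntax (the reply mentions NAT control); the addresses and the ACL name OUTSIDE_IN are constructed placeholders.

```cisco
! Constructed addresses (documentation ranges), not from the thread:
!   203.0.113.10  = remote VPN peer
!   198.51.100.20 = public address mapped one-to-one to the local router
!   10.1.1.2      = local router's address on the inside network
!
! One-to-one static NAT for the local router (pre-8.3 syntax).
static (inside,outside) 198.51.100.20 10.1.1.2 netmask 255.255.255.255
!
! Allow only the IPsec-related traffic from the remote peer to the router:
! ESP (IP protocol 50), ISAKMP (UDP 500) and NAT-T (UDP 4500).
access-list OUTSIDE_IN extended permit esp host 203.0.113.10 host 198.51.100.20
access-list OUTSIDE_IN extended permit udp host 203.0.113.10 host 198.51.100.20 eq isakmp
access-list OUTSIDE_IN extended permit udp host 203.0.113.10 host 198.51.100.20 eq 4500
access-group OUTSIDE_IN in interface outside
!
! IPsec pass-through inspection in the default global policy.
policy-map global_policy
 class inspection_default
  inspect ipsec-pass-thru
```

If the remote peer's address is dynamic, as in the question, the source in these ACL entries cannot be pinned to a single host.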