Currently, I have several VPN tunnels connected to the ASA 7.0 firewall. I just received a new firewall that is running ASA 8.6, and after using the connection wizards for site-to-site VPN on both firewalls, the connection was never made. I have tried looking at each individual aspect of each configuration to make sure everything is in sync, but to no avail.
Are these two versions of ASA even compatible? I've seen a lot of posts saying how things have changed after a certain version of ASA but I haven't been able to pinpoint my problem. Any knowledge/advice would be greatly appreciated.
As long as you don't use any of the features like IKEv2 that were not supported on the older ASA code, an IPSec LAN-LAN tunnel is definitely compatible. Basic IPSec hasn't changed and is interoperable not only across ASA revisions but across third parties. That's the benefit of a standard after all.
If it's possible to supply us the respective configurations (at least the bits for the tunnel), we could give much more focused advice.
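Added example, not part of the thread or of either poster's configuration: a small Python check that reads the IKEv1 Phase 1 policies from two ASA configs and reports which policy pairs could actually negotiate. It assumes the older code writes policies as one-line `isakmp policy <n> ...` commands and the newer code as `crypto ikev1 policy <n>` blocks; both sample configs are constructed.

```python
import re

# Constructed sample configs (NOT from the thread); IKEv1 Phase 1 lines only.
OLD_CFG = """\
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""
NEW_CFG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
"""
# Lifetime is left out: peers settle on the shorter value, so it need not match.
KEYS = ("authentication", "encryption", "hash", "group")

def parse_policies(cfg):
    """Return {priority: {attr: value}} for one-line and block-style policies."""
    policies, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"^(?:crypto )?(?:isakmp|ikev1) policy (\d+)(?: (\S+) (.+))?$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            if m.group(2):  # one-line form carries the attribute on the same line
                current[m.group(2)] = m.group(3).strip()
        elif line.startswith(" ") and current is not None:
            parts = line.split(None, 1)  # indented sub-command of the open block
            if len(parts) == 2:
                current[parts[0]] = parts[1].strip()
        else:
            current = None
    return policies

def matching_pairs(a, b):
    """(priority_a, priority_b) pairs whose negotiated attributes are identical."""
    return [(pa, pb) for pa, va in sorted(a.items()) for pb, vb in sorted(b.items())
            if all(va.get(k) == vb.get(k) for k in KEYS)]

if __name__ == "__main__":
    pairs = matching_pairs(parse_policies(OLD_CFG), parse_policies(NEW_CFG))
    print(pairs or "no common IKEv1 Phase 1 policy on both peers")
```

With the constructed samples no pair matches, because each policy on the newer side differs from the older side in one attribute (encryption in one, DH group in the other).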
Here are the two configurations. The first one is from our new firewall (ASA 8.6) and the second one is from our older firewall (ASA 7.0). I tried to remove any unnecessary text from the config. I hope I included everything. Thanks a lot for checking into it for me.
ASA Version 8.6(1)2
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 18.104.22.168 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.22.1 255.255.255.0
!