The following crypto statement works on the VXR router but is not accepted by the ASA. It allows me to enter just 0.0.0.0 but then says I can only set up L2L in aggressive mode. Any thoughts on how to allow any address to create a L2L tunnel?
If I'm not mistaken, crypto isakmp key **** address 0.0.0.0 0.0.0.0 is to allow an IOS router to accept dynamic IPsec peer connections in a L2L scenario.
To achieve this on the ASA you will need to configure dynamic-to-static IPsec L2L tunnels between your ASA5550, which has a static public IP on the outside interface, and your peers, which have dynamic, non-static assignments.
I ended up using a DMVPN config with the tunnel group statements as you mentioned. It worked like a charm; however, it only works in aggressive mode, which ends up failing our PCI compliance. So it looks like I will have to just write up a compensating controls document to account for it. I appreciate the feedback I received.
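For the compensating-controls write-up mentioned above, here is one way to locate the relevant lines in a saved configuration. It is an added example, not code from the thread or from Cisco. The sample configs are constructed, the keys are placeholders, and the finding names are hypothetical. It assumes the standard ASA default group name DefaultL2LGroup and the ASA/IOS aggressive-mode disable commands, none of which are quoted in the thread.

```python
import re

# Constructed sample configs (not from the thread); every key is a placeholder.
IOS_SAMPLE = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key PLACEHOLDER address 0.0.0.0 0.0.0.0
crypto isakmp key PLACEHOLDER address 192.0.2.10
"""
ASA_SAMPLE = """\
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key PLACEHOLDER
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key PLACEHOLDER
"""

# IOS: a pre-shared key bound to the any-peer address 0.0.0.0.
WILDCARD_KEY = re.compile(
    r"^crypto isakmp key (?:[06] )?\S+ address 0\.0\.0\.0(?: 0\.0\.0\.0)?\s*$")
# ASA (isakmp/ikev1 am-disable) and IOS (aggressive-mode disable) switches.
AM_OFF = re.compile(
    r"^crypto (?:(?:isakmp|ikev1) am-disable|isakmp aggressive-mode disable)\s*$")
GROUP = re.compile(r"^tunnel-group (\S+) ipsec-attributes\s*$")
PSK = re.compile(r"^\s+(?:ikev1 )?pre-shared-key \S+")

def audit(config):
    """Return (line_number, finding) pairs; line 0 means a config-wide finding."""
    findings, group, am_off = [], None, False
    for n, line in enumerate(config.splitlines(), 1):
        if WILDCARD_KEY.match(line):
            findings.append((n, "wildcard-psk"))
        if AM_OFF.match(line):
            am_off = True
        m = GROUP.match(line)
        if m:
            group = m.group(1)          # entering a tunnel-group sub-mode
        elif line and not line[0].isspace():
            group = None                # any other top-level line leaves it
        elif group == "DefaultL2LGroup" and PSK.match(line):
            findings.append((n, "default-l2l-psk"))
    if not am_off:
        findings.append((0, "aggressive-mode-not-disabled"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("ios", IOS_SAMPLE), ("asa", ASA_SAMPLE)):
        print(name, audit(cfg))
```

The last finding only reports that no explicit disable line is present in the text. Confirm the effective setting on the device before citing it in an assessment.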