We're realizing a project with 5x ASA 5505 Base License and one 5512-X in a computing center. The 5 branches shall work as dynamic sites, because they are all running on dynamic internet connections. I read that on the main site (ASA 5512-X) access from dynamic IPs must be permitted, so that an IKE exchange and the IPsec tunnel can be established.
We are all new to Cisco ASA devices. I read a lot in "Cisco ASA configuration" written by Richard A. Deal and "Cisco ASA: All-in-one firewall.." written by Frahim & Santos. Everywhere only static L2L tunnels are discussed, but dyn. L2L scripts are missing.
I've done all the config with ASDM, but have read many CLI configurations also.
I got different failures in ASDM syslog, depending on which mode I choose.
I paste the conf. of both ASA 5505 (for test-tunnel). Later 5505 and 5512-X will be connected.
One comes with dynamic cryptomap and the other with static.
I would be grateful if someone could figure out what the problem is.
I know this tutorial already. I've tried it one time, but it didn't work out. Maybe I made a mistake. I'll try it again.
When I configure dynamic tunnels, ASDM / CLI output says something like "dynamic l2l tunnels will fail if no cert. will be used and/or aggressive mode is not used on peer". Sorry, I don't have the message with me a.t.m.
1) Which mode do I have to use for tunnel build-up process? AM or MM? Do I really need to use AM?
Furthermore, I'd prefer to use IKEv2, because the tunnel build-up process is supposed to be less fault-prone than with IKEv1. 2) Is it the same procedure as IKEv1 or do I have to consider some special points?
3) What about naming the tunnel-profiles / tunnel-groups? Is it necessary to match the tunnel-profile name? Does it have a consequence when writing the connection name in addition to the peer IP in the connection profile on the dynamic site?