I currently have a Cisco ASA running 8.4 configured for an IPsec tunnel to a 3rd party, and it is working with no problem. However, I want to add another IPsec tunnel to a different vendor. Last time I tried this it took down the working one. I wonder if someone can advise on the following config snippet?
***Working***
crypto map OutsideMap 1 match address VPNtoNet
crypto map OutsideMap 1 set peer 184.108.40.206
crypto map OutsideMap 1 set ikev1 transform-set ESP-AES-256-SHA
crypto map OutsideMap interface outside
!
tunnel-group 220.127.116.11 type ipsec-l2l
tunnel-group 18.104.22.168 ipsec-attributes
 ikev1 pre-shared-key blahblah

- Configure Tunnel group
tunnel-group 22.214.171.124 type ipsec-l2l
tunnel-group 126.96.36.199 ipsec-attributes
 ikev1 pre-shared-key TESTTEST

- Configure ACLs
object network Int_SVRs
 subnet 192.168.1.0 255.255.255.0
 description VLAN to be IPSec tunnel to 3rd Party
access-list in_outside extended permit ip host 188.8.131.52 any
access-list VPNtoNet2 extended permit ip object-group IntCloud_SVRs host 184.108.40.206

Yes, you enter the new L2L VPN connection's parameters with the new number. However, you don't need to issue the "crypto map interface outside" again since the crypto map is already attached there.
Especially since this connection is configured with a higher number than the original L2L VPN configuration, it shouldn't affect it.
I would imagine that the more likely reason adding a new connection caused problems for the existing one is some misconfigured NAT, perhaps?
I find it strange, though, that on both of your L2L VPN configurations you have the encryption domain ACL configured so that the remote VPN gateway peer IP address is the only network/host on the remote end. Unless the changed IP addresses for the post are following the correct logic.
It would probably be easier to troubleshoot if we could see the configuration in its form when you had problems with the existing L2L VPN.
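
The per-entry numbering described in the reply can be checked on a planned config before it is pasted into the ASA. The following is an added example, not part of the original posts: a small Python pre-check whose function name `lint`, sample addresses (documentation ranges) and key are constructed for illustration. It verifies that every numbered crypto map entry has its own ACL, peer, transform-set and matching `ipsec-l2l` tunnel-group.

```python
from collections import defaultdict

# Constructed sample (documentation addresses, not the poster's values).
SAMPLE = """\
crypto map OutsideMap 1 match address VPNtoNet
crypto map OutsideMap 1 set peer 192.0.2.10
crypto map OutsideMap 1 set ikev1 transform-set ESP-AES-256-SHA
crypto map OutsideMap 2 match address VPNtoNet2
crypto map OutsideMap 2 set peer 198.51.100.20
crypto map OutsideMap interface outside
access-list VPNtoNet extended permit ip 192.168.1.0 255.255.255.0 host 10.1.1.5
access-list VPNtoNet2 extended permit ip object-group IntCloud_SVRs host 10.2.2.5
object network Int_SVRs
 subnet 192.168.1.0 255.255.255.0
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key EXAMPLE-KEY
"""

def lint(config):
    """Return findings for each numbered crypto map entry in config."""
    entries = defaultdict(lambda: {"acl": None, "peers": [], "ts": False})
    refs, groups, l2l, out = defaultdict(list), set(), set(), []
    for w in (line.split() for line in config.splitlines()):
        if w[:2] == ["crypto", "map"] and len(w) >= 7 and w[3].isdigit():
            e = entries[(w[2], int(w[3]))]   # keyed by (map name, sequence number)
            if w[4:6] == ["match", "address"]:
                e["acl"] = w[6]
            elif w[4:6] == ["set", "peer"]:
                e["peers"] += w[6:]
            elif "transform-set" in w:
                e["ts"] = True
        elif w[:1] == ["access-list"] and len(w) > 1:
            # Record the ACL name and any object-groups it references.
            refs[w[1]] += [b for a, b in zip(w, w[1:]) if a == "object-group"]
        elif w[:1] == ["object-group"] and len(w) > 2:
            groups.add(w[2])
        elif w[:1] == ["tunnel-group"] and w[2:4] == ["type", "ipsec-l2l"]:
            l2l.add(w[1])
    for (name, seq), e in sorted(entries.items()):
        tag = f"{name} {seq}"
        if e["acl"] not in refs:
            out.append(f"{tag}: match address ACL missing or undefined")
        out += [f"{tag}: object-group {g} undefined"
                for g in refs.get(e["acl"], []) if g not in groups]
        if not e["peers"]:
            out.append(f"{tag}: no peer set")
        if not e["ts"]:
            out.append(f"{tag}: no ikev1 transform-set")
        out += [f"{tag}: no ipsec-l2l tunnel-group for {p}" for p in e["peers"] if p not in l2l]
    return out
```

Running `lint(SAMPLE)` leaves entry 1 clean and reports three gaps for entry 2, which is the state a half-entered second tunnel would be in.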