Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
3
Replies

one way vpn with asa to 800 router

Go to solution
mulhollandm
Level 1
Level 1

‎04-05-2012 01:15 PM

folks

i have a site to site vpn to set up between an asa 5540 and an 800 router

i only want the vpn to be initiated from the asa with the remote 800 listening for inbound connections

i know i can set the connection type on the asa as originate-only but i can find a command equivalent to answer-only for the remote 800

can anyone point me in the right direction or is it sufficient to simply configure the asa as originate-only for this crypto map

thanks to anyone taking the time to respond

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Javier Portuguez
Level 9
Level 9

‎04-10-2012 01:15 PM

Hi,

I would recommend configuring the tunnel as a dynamic to static VPN tunnel, the ASA will be the static peer so it will be the initiator and the Router will never be able to initiate the connection.

The ASA will have a common L2L configuration, but the Router will use a dynamic crypto map.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008051a69a.shtml

The PIX in the example is old so you can just adjust the commands to your current version, the important thing is to understand the concept.

Please let me know if this answers your question,

Thanks.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Javier Portuguez
Level 9
Level 9

‎04-10-2012 01:15 PM

Hi,

I would recommend configuring the tunnel as a dynamic to static VPN tunnel, the ASA will be the static peer so it will be the initiator and the Router will never be able to initiate the connection.

The ASA will have a common L2L configuration, but the Router will use a dynamic crypto map.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008051a69a.shtml

The PIX in the example is old so you can just adjust the commands to your current version, the important thing is to understand the concept.

Please let me know if this answers your question,

Thanks.

0 Helpful

Go to solution
mulhollandm
Level 1
Level 1
In response to Javier Portuguez

‎04-16-2012 02:10 AM

javier

apologies for the delay in getting bqack to you but many thanks for your help

i'll run this up in a lab but it does seem the way to go

thanks again

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9
In response to mulhollandm

‎04-16-2012 05:09 AM

I am glad to hear that

Please count on us at any time.

Take care!!

0 Helpful
Customers Also Viewed These Support Documents