Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

one way vpn with asa to 800 router

folks

i have a site to site vpn to set up between an asa 5540 and an 800 router

i only want the vpn to be initiated from the asa with the remote 800 listening for inbound connections

i know i can set the connection type on the asa as originate-only but i can find a command equivalent to answer-only for the remote 800

can anyone point me in the right direction or is it sufficient to simply configure the asa as originate-only for this crypto map

thanks to anyone taking the time to respond

  • VPN
1 ACCEPTED SOLUTION

Accepted Solutions

one way vpn with asa to 800 router

Hi,

I would recommend configuring the tunnel as a dynamic to static VPN tunnel, the ASA will be the static peer so it will be the initiator and the Router will never be able to initiate the connection.

The ASA will have a common L2L configuration, but the Router will use a dynamic crypto map.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008051a69a.shtml

The PIX in the example is old so you can just adjust the commands to your current version, the important thing is to understand the concept.

Please let me know if this answers your question,

Thanks.

3 REPLIES

one way vpn with asa to 800 router

Hi,

I would recommend configuring the tunnel as a dynamic to static VPN tunnel, the ASA will be the static peer so it will be the initiator and the Router will never be able to initiate the connection.

The ASA will have a common L2L configuration, but the Router will use a dynamic crypto map.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008051a69a.shtml

The PIX in the example is old so you can just adjust the commands to your current version, the important thing is to understand the concept.

Please let me know if this answers your question,

Thanks.

New Member

one way vpn with asa to 800 router

javier

apologies for the delay in getting bqack to you but many thanks for your help

i'll run this up in a lab but it does seem the way to go

thanks again

one way vpn with asa to 800 router

I am glad to hear that

Please count on us at any time.

Take care!!

427
Views
0
Helpful
3
Replies