Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem to establish L2L Static-to.dynamy VPN between ASA5520 and 877

I need help to solve a problem to establish VPN connection between ASA5520 and router 877.

this is the configs

ASA Configuration

crypto ipsec transform-set myset esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 86400

crypto ipsec security-association lifetime kilobytes 4608000

crypto ipsec fragmentation before-encryption management

crypto ipsec fragmentation before-encryption Inside

crypto ipsec fragmentation before-encryption Outside

crypto ipsec df-bit copy-df management

crypto ipsec df-bit copy-df Inside

crypto ipsec df-bit copy-df Outside

crypto dynamic-map dynmap 19 set transform-set myset

crypto dynamic-map dynmap 19 set security-association lifetime seconds 86400

crypto dynamic-map dynmap 19 set security-association lifetime kilobytes 4608000

crypto map mymap 40 ipsec-isakmp dynamic dynmap

crypto map mymap interface Outside

isakmp identity hostname

isakmp enable Outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

tunnel-group L2L type ipsec-l2l

tunnel-group L2L ipsec-attributes

pre-shared-key *

peer-id-validate req

--------------------------------------------------------------------------------------------

Router Configuration

crypto isakmp policy 20

encr 3des

authentication pre-share

hash sha

group 2

crypto isakmp key ****** address x.x.x.x

!

!

crypto ipsec transform-set myset esp-3des esp-sha-hmac

!

crypto map mymap 15 ipsec-isakmp

set peer x.x.x.x

set security-association lifetime seconds 86400

set transform-set myset

match address VPN

add the debug crypto isakmp and debug crypto ipsec

  • VPN
1 REPLY
Silver

Re: Problem to establish L2L Static-to.dynamy VPN between ASA552

LAN-to-LAN IPsec tunnel between two Cisco Secure PIX Firewalls. Each PIX Firewall has a private protected network behind it. This concept also applies when you translate subnets instead of individual hosts.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008022f99e.shtml

120
Views
0
Helpful
1
Replies
This widget could not be displayed.