https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225348#M876331 <HTML><HEAD></HEAD><BODY><P>I need to do a vpn between two ASA 5520 with the basic IOS, can I do it?</P></BODY></HTML> Mon, 16 Feb 2009 20:33:26 GMT denaumcisco 2009-02-16T20:33:26Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225343#M876326 <P>Good afternoon guys,</P><P></P><P>I'd like to do a vlan with 2 interfaces and just one IP, can I do it?</P> Mon, 11 Mar 2019 14:51:14 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225343#M876326 denaumcisco 2019-03-11T14:51:14Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225344#M876327 <HTML><HEAD></HEAD><BODY><P>Denis</P><P></P><P>Could you give a few more details.</P><P></P><P>You can use transparent mode where you have 2 vlans with one IP but by the sounds of it this is not what you want. </P><P></P><P>Are you asking if the ASA can support IRB (Intergrated Routing/Bridging) where 2 interfaces on your ASA are in the same vlan and share an IP address ?</P><P></P><P>Jon</P></BODY></HTML> Mon, 16 Feb 2009 18:10:55 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225344#M876327 Jon Marshall 2009-02-16T18:10:55Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225345#M876328 <HTML><HEAD></HEAD><BODY><P>Yes Jon, something like IRB</P></BODY></HTML> Mon, 16 Feb 2009 18:51:24 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225345#M876328 denaumcisco 2009-02-16T18:51:24Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225346#M876329 <HTML><HEAD></HEAD><BODY><P>Denis</P><P></P><P>I'm not aware of the ASA supporting the likes of IRB but then i have never found the need to configure it so i'm not 100% certain on that. I have had a quick look at the configuration docs and couldn't find anything other than transparent mode which is slightly different ie. you bridge together 2 vlans.</P><P></P><P>Unfortunately i don't have access to an ASA to test but i don't think this is supported.</P><P></P><P>Jon</P></BODY></HTML> Mon, 16 Feb 2009 19:40:59 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225346#M876329 Jon Marshall 2009-02-16T19:40:59Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225347#M876330 <HTML><HEAD></HEAD><BODY><P>Well, I need to link 2 computers into the ASA using necessarily 2 ASA's interfaces.</P><P>and I need to put the same IP address on both interfaces, because the computers have the same configuration</P><P></P><P>Anybody?</P></BODY></HTML> Mon, 16 Feb 2009 19:55:37 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225347#M876330 denaumcisco 2009-02-16T19:55:37Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225348#M876331 <HTML><HEAD></HEAD><BODY><P>I need to do a vpn between two ASA 5520 with the basic IOS, can I do it?</P></BODY></HTML> Mon, 16 Feb 2009 20:33:26 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225348#M876331 denaumcisco 2009-02-16T20:33:26Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225349#M876332 <HTML><HEAD></HEAD><BODY><P>Hi Denis,</P><P></P><P>In response to your second question: yes, you can configure a basic VPN tunnel between two ASA's. Take a look at the following link for more details and configuration examples:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html</A></P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 17 Feb 2009 03:12:44 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225349#M876332 robertson.michael 2009-02-17T03:12:44Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225350#M876333 <HTML><HEAD></HEAD><BODY><P>Mike,</P><P></P><P>Do you have a configuration for me to do a vpn between 2 ASA 5520?</P><P></P><P>I tried use some commands from the guide that u sent to me , but without sucess</P></BODY></HTML> Wed, 18 Feb 2009 23:03:06 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225350#M876333 denaumcisco 2009-02-18T23:03:06Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225351#M876334 <HTML><HEAD></HEAD><BODY><P>Anybody has a configuration for me to do a vpn between 2 ASA 5520?</P><P></P><P>I tried use some commands from the guide isakmp/ipsec , but without sucess</P><P>And a solution to a backup route, I found the command "track" on the internet, but didnt work on 5520</P><P></P><P>thanks</P></BODY></HTML> Thu, 19 Feb 2009 11:13:58 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225351#M876334 denaumcisco 2009-02-19T11:13:58Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225352#M876335 <HTML><HEAD></HEAD><BODY><P>Here is the vpn configuration and the results</P><P></P><P>crypto isakmp policy 10 hash md5</P><P>crypto isakmp policy 10 authentication pre-share</P><P>crypto isakmp enable outside</P><P>crypto map mymap 10 match address 100</P><P>access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0</P><P>crypto ipsec transform-set myset esp-des esp-hd5-hmac</P><P>crypto map mymap 10 set peer 10.22.12.22</P><P>crypto map mymap 10 set transform-set myset</P><P>crypto map mymap interface outside</P><P></P><P></P><P>Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)</P><P>Total IKE SA: 1</P><P></P><P>1 IKE Peer: 10.12.28.5</P><P> Type : user Role : initiator</P><P> Rekey : no State : MM_WAIT_MSG4</P></BODY></HTML> Thu, 19 Feb 2009 11:24:00 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225352#M876335 denaumcisco 2009-02-19T11:24:00Z https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225353#M876336 <HTML><HEAD></HEAD><BODY><P>Hi Dennis,</P><P></P><P>Can you post the configurations on both sides of tunnel? Many of the settings much match. Here is an example that should at least bring the tunnel up:</P><P></P><P>ASA1:</P><P>crypto isakmp policy 10 hash md5</P><P>crypto isakmp policy 10 authentication pre-share </P><P>crypto isakmp policy 10 encryption des</P><P>crypto isakmp policy 10 group 2</P><P>crypto isakmp policy 10 lifetime 86400</P><P>crypto isakmp enable outside</P><P>crypto map mymap 10 match address 100</P><P>access-list 100 permit ip 172.16.3.0 255.255.255.0 172.16.1.0 255.255.255.0 </P><P>crypto ipsec transform-set myset esp-des esp-md5-hmac</P><P>crypto map mymap 10 set peer 10.22.12.22</P><P>crypto map mymap 10 set transform-set myset</P><P>crypto map mymap 10 set pfs </P><P>crypto map mymap interface outside </P><P></P><P>ASA2:</P><P>crypto isakmp policy 10 hash md5</P><P>crypto isakmp policy 10 authentication pre-share </P><P>crypto isakmp policy 10 encryption des</P><P>crypto isakmp policy 10 group 2</P><P>crypto isakmp policy 10 lifetime 86400</P><P>crypto isakmp enable outside</P><P>crypto map mymap 10 match address 100</P><P>access-list 100 permit ip 172.16.1.0 255.255.255.0 172.16.3.0 255.255.255.0 </P><P>crypto ipsec transform-set myset esp-des esp-md5-hmac</P><P>crypto map mymap 10 set peer 10.22.12.21</P><P>crypto map mymap 10 set transform-set myset</P><P>crypto map mymap 10 set pfs </P><P>crypto map mymap interface outside </P><P></P><P>As I mentioned, if you are still having trouble, please post your existing configs that exist on each side of the tunnel.</P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Thu, 12 Mar 2009 21:53:34 GMT https://community.cisco.com/t5/network-security/vlan-on-asa-5520/m-p/1225353#M876336 robertson.michael 2009-03-12T21:53:34Z