cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
382
Views
0
Helpful
1
Replies

Dynamic IPsec Between a Static ASA Hub and Dynamic ASA Spoke

LOUIS BOUCHARD
Level 1
Level 1

anyone can give me an hint on the sample configuration for both hob and spoke.

I have found what I need between and ASA hub and IOS spoke

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

but I also need between two ASAs

1 Reply 1

acomiskey
Level 10
Level 10

The easiest way I found to accomplish this is to use the DefaultL2LGroup on the hub ASA. On the spoke ASA you will use a tunnel group equal to the ip of the hub ASA. Post your configs if you need a hand.

Hub ASA

tunnel-group DefaultL2LGroup ipsec-attributes

pre-shared-key *

Spoke ASA

tunnel-group ipsec-attributes

pre-shared-key *

Configure the rest the same way you would any other L2L tunnel.

Review Cisco Networking for a $25 gift card