Packet Tracer Help - ASA Removes Transform-Set

PlatyPlox
Level 1

Hi everyone,

I'm wrapping up an assignment for my networking class. For the assignment I have to build a VPN tunnel between two ASA 5505s. I've managed to do this, but have a very strange problem. Every time I close and reopen my topology in Packet Tracer, it removes my transform set and the command that applies it. I don't know if it is because of something in my build, or if it is just an error in Packet Tracer itself? I'll post my CLI output below. Can anyone spot anything?

ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 65.1.1.2 255.255.255.0
!
object network BR-ASA
 subnet 10.1.1.0 255.255.255.0
object network HQ-ASA
 subnet 192.168.1.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 65.1.1.1 1
route outside 172.16.1.0 255.255.255.0 65.1.1.1 1
route outside 172.16.2.0 255.255.255.0 172.16.1.2 1
route outside 53.1.1.0 255.255.255.0 172.16.2.1 1
route outside 172.16.3.0 255.255.255.0 172.16.1.2 1
route outside 10.1.1.0 255.255.255.0 53.1.1.1 1
!
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any echo
access-list LAN_Traffic extended permit icmp object HQ-ASA object BR-ASA
access-list inside extended permit icmp any any echo-reply
access-list inside extended permit icmp any any echo
access-list inside extended permit udp any any
!
!
access-group outside in interface outside
access-group inside in interface inside
!
!
class-map icmp-class
 match default-inspection-traffic
!
policy-map icmp_policy
 class icmp-class
  inspect icmp
!
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
!
!
crypto ipsec ikev1 transform-set VPN-Transform esp-aes 256 esp-sha-hmac
!
crypto map VPN-TRANSFORM 1 match address LAN_Traffic
crypto map VPN-TRANSFORM 1 set peer 53.1.1.2
crypto map VPN-TRANSFORM 1 set ikev1 transform-set VPN-Transform
crypto map VPN-TRANSFORM interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 encr aes
 authentication pre-share
 group 5
!
tunnel-group 53.1.1.2 type ipsec-l2l
tunnel-group 53.1.1.2 ipsec-attributes
 ikev1 pre-shared-key cisco
!

The two commands that are removed are:
crypto ipsec ikev1 transform-set VPN-Transform esp-aes 256 esp-sha-hmac

and

crypto map VPN-TRANSFORM 1 set ikev1 transform-set VPN-Transform

1 Reply 1

Udupi Krishna.
Cisco Employee

Could be a problem with the software itself. Try either a newer version (if available) or an older one and see if it's the same.
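
Added example, not part of the thread and not Cisco tooling: one way to check a pasted or saved running-config for the symptom described in the question, a crypto map entry left without its transform-set after the file is reopened. The function name audit_crypto_maps and the sample text are constructed for illustration, and only the IKEv1 command forms that appear in the post are recognized.

```python
import re

# Constructed sample: the crypto lines from the post with the two commands
# that went missing left out (the state described after reopening the file).
SAMPLE_AFTER_REOPEN = """\
access-list LAN_Traffic extended permit icmp object HQ-ASA object BR-ASA
crypto map VPN-TRANSFORM 1 match address LAN_Traffic
crypto map VPN-TRANSFORM 1 set peer 53.1.1.2
crypto map VPN-TRANSFORM interface outside
crypto ikev1 enable outside
"""

TS_DEF = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) ")
ACL_DEF = re.compile(r"^access-list (\S+) ")
MAP_LINE = re.compile(
    r"^crypto map (\S+) (\d+) (match address|set peer|set ikev1 transform-set) (.+)$"
)
REQUIRED = ("match address", "set peer", "set ikev1 transform-set")


def audit_crypto_maps(config_text):
    """Return findings for incomplete IKEv1 crypto map entries, in map order."""
    transform_sets, acls, entries = set(), set(), {}
    # First pass: collect definitions and per-sequence crypto map settings.
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := TS_DEF.match(line):
            transform_sets.add(m.group(1))
        elif m := ACL_DEF.match(line):
            acls.add(m.group(1))
        elif m := MAP_LINE.match(line):
            name, seq, key, value = m.groups()
            entries.setdefault((name, int(seq)), {})[key] = value.split()
    # Second pass: every entry needs all three settings, and each name it
    # references must be defined somewhere in the same config.
    findings = []
    for (name, seq), parts in sorted(entries.items()):
        tag = f"crypto map {name} {seq}"
        findings += [f"{tag}: missing '{k}'" for k in REQUIRED if k not in parts]
        for ts in parts.get("set ikev1 transform-set", []):
            if ts not in transform_sets:
                findings.append(f"{tag}: transform-set '{ts}' is not defined")
        for acl in parts.get("match address", []):
            if acl not in acls:
                findings.append(f"{tag}: access-list '{acl}' is not defined")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_crypto_maps(SAMPLE_AFTER_REOPEN)) or "no findings")
```

Running it against the output of show running-config before closing the topology and again after reopening shows exactly which crypto lines did not survive the save.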
