04-25-2022 10:13 PM
Hi everyone,
I'm wrapping up an assignment for my networking class. For the assignment I have to build a VPN tunnel between two ASA 5505s. I've managed to do this, but have a very strange problem. Every time I close and reopen my topology in Packet Tracer, it removes my transform set and the command that applies it. I don't know if it is because of something in my build, or if it is just an error in Packet Tracer itself. I'll post my CLI output below. Can anyone spot anything?
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 65.1.1.2 255.255.255.0
!
object network BR-ASA
 subnet 10.1.1.0 255.255.255.0
object network HQ-ASA
 subnet 192.168.1.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 65.1.1.1 1
route outside 172.16.1.0 255.255.255.0 65.1.1.1 1
route outside 172.16.2.0 255.255.255.0 172.16.1.2 1
route outside 53.1.1.0 255.255.255.0 172.16.2.1 1
route outside 172.16.3.0 255.255.255.0 172.16.1.2 1
route outside 10.1.1.0 255.255.255.0 53.1.1.1 1
!
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any echo
access-list LAN_Traffic extended permit icmp object HQ-ASA object BR-ASA
access-list inside extended permit icmp any any echo-reply
access-list inside extended permit icmp any any echo
access-list inside extended permit udp any any
!
!
access-group outside in interface outside
access-group inside in interface inside
!
!
class-map icmp-class
 match default-inspection-traffic
!
policy-map icmp_policy
 class icmp-class
  inspect icmp
!
!
telnet timeout 5
ssh timeout 5
!
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
!
!
crypto ipsec ikev1 transform-set VPN-Transform esp-aes 256 esp-sha-hmac
!
crypto map VPN-TRANSFORM 1 match address LAN_Traffic
crypto map VPN-TRANSFORM 1 set peer 53.1.1.2
crypto map VPN-TRANSFORM 1 set ikev1 transform-set VPN-Transform
crypto map VPN-TRANSFORM interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 encr aes
 authentication pre-share
 group 5
!
tunnel-group 53.1.1.2 type ipsec-l2l
tunnel-group 53.1.1.2 ipsec-attributes
 ikev1 pre-shared-key cisco
!
The two commands that are removed are:
crypto ipsec ikev1 transform-set VPN-Transform esp-aes 256 esp-sha-hmac
and
crypto map VPN-TRANSFORM 1 set ikev1 transform-set VPN-Transform
04-26-2022 05:40 PM
Could be a problem with the software itself. Try either a newer version (if available) or an older one and see if it's the same.
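An added example, not part of the thread and not Cisco or Packet Tracer code: a small Python check to run over a saved copy of the configuration after reopening the topology. It reports crypto map entries that have lost their transform set or that reference one that is no longer defined. The sample input is constructed from the crypto lines in the post with the two disappearing commands removed; the function name `check_crypto_maps` is an assumption.

```python
import re

# Constructed sample: the crypto section from the post as it looks after the
# topology is reopened (the two transform-set lines are gone).
AFTER_REOPEN = """\
crypto map VPN-TRANSFORM 1 match address LAN_Traffic
crypto map VPN-TRANSFORM 1 set peer 53.1.1.2
crypto map VPN-TRANSFORM interface outside
crypto ikev1 enable outside
"""

# Definition of an IKEv1 transform set, and the per-sequence crypto map lines.
TSET_DEF = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) ")
MAP_LINE = re.compile(
    r"^crypto map (\S+) (\d+) (match address|set peer|set ikev1 transform-set) (.+)$"
)
# Settings every site-to-site IKEv1 crypto map entry needs before it can match traffic.
REQUIRED = ("match address", "set peer", "set ikev1 transform-set")

def check_crypto_maps(config_text):
    """Return a sorted list of problems found in the IKEv1 crypto map entries."""
    defined, entries = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = TSET_DEF.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = MAP_LINE.match(line)
        if m:
            name, seq, key, value = m.groups()
            entries.setdefault((name, int(seq)), {})[key] = value.split()
    problems = []
    for (name, seq), settings in entries.items():
        for key in REQUIRED:
            if key not in settings:
                problems.append(f"{name} {seq}: missing '{key}'")
        # Transform-set names are compared exactly as written in the config.
        for tset in settings.get("set ikev1 transform-set", []):
            if tset not in defined:
                problems.append(f"{name} {seq}: transform-set '{tset}' is not defined")
    return sorted(problems)

if __name__ == "__main__":
    for problem in check_crypto_maps(AFTER_REOPEN):
        print(problem)
```

Running it against the configuration saved before closing and again after reopening shows whether the file itself lost the lines or only the running state did.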