06-26-2012 04:57 AM - edited 03-11-2019 04:23 PM
I'm replacing a PIX 501 with a new ASA. The 501 already has the VPN details and all works, but when I try to replicate with the ASDM I'm having no joy. I'm having trouble configuring my Cisco ASA to do a site-to-site VPN to our Cisco PIX. Could someone suggest the ASA commands I should enter? Here is the current PIX 501 VPN information:
access-list outside_cryptomap_19 permit ip 192.168.40.0 255.255.255.0 192.168.200.0 255.255.255.0
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map_1 19 ipsec-isakmp
crypto map outside_map_1 19 match address outside_cryptomap_19
crypto map outside_map_1 19 set peer 62.244.186.18
crypto map outside_map_1 19 set transform-set ESP-DES-MD5
crypto map outside_map_1 20 ipsec-isakmp
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
What would be the equivalent for the ASA?
Any help is appreciated.
Thanks,
Tarran
06-26-2012 06:02 AM
What version of ASA are you running?
06-26-2012 06:26 AM
On the ASA you need to configure a tunnel-group. Inside the tunnel-group you specify the PSK which was configured previously in isakmp-config:
tunnel-group 1.2.3.4 type ipsec-l2l
tunnel-group 1.2.3.4 ipsec-attributes
pre-shared-key *****
OR for ASA v8.4:
ikev1 pre-shared-key *****
1.2.3.4 is the remote IP
AND: you also want to migrate away from DES/MD5.
06-29-2012 05:10 AM
I'm running ASA 8.4.
So I have tried this via the ASDM and the CLI and still no joy, and am thinking it is something to do with the fact that the ASA has the outside address of "2.2.2.2" but actually "2.2.2.2" is NAT'd to 192.168.0.1 and this is the actual outside interface address... If that makes sense.
Remote Outside IP: 1.1.1.1
Local Outside IP: 2.2.2.2 (but NAT'd to 192.168.0.1)
The remote l2l pix515e is expecting from 2.2.2.2
06-29-2012 01:31 PM
What's your config now? Crypto, tunnel-groups, NAT, ACLs.