I'm replacing a PIX 501 with a new ASA. The 501 already has the VPN details and all works, but when I try to replicate with the ASDM I'm having no joy. I'm having trouble configuring my Cisco ASA to do a site-to-site VPN to our Cisco PIX. Could someone suggest the ASA commands I should enter? Here is the current PIX 501 VPN information:
access-list outside_cryptomap_19 permit ip 192.168.40.0 255.255.255.0 192.168.200.0 255.255.255.0
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map_1 19 ipsec-isakmp
crypto map outside_map_1 19 match address outside_cryptomap_19
crypto map outside_map_1 19 set peer 220.127.116.11
crypto map outside_map_1 19 set transform-set ESP-DES-MD5
crypto map outside_map_1 20 ipsec-isakmp
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
What would be the equivalent for the ASA?
Any help is appreciated.
On the ASA you need to configure a tunnel-group. Inside the tunnel-group you specify the PSK which was configured previously in isakmp-config:
tunnel-group 18.104.22.168 type ipsec-l2l
tunnel-group 22.214.171.124 ipsec-attributes
OR for ASA v8.4:
ikev1 pre-shared-key *****
126.96.36.199 is the remote IP
AND: you also want to migrate away from DES/MD5.
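An added example, not part of the original thread: the PIX 501 crypto settings from the question rewritten in ASA 8.4 IKEv1 syntax, followed by a stronger proposal for moving off DES/MD5. `<REMOTE_PEER_IP>` and `<PSK>` are placeholders, the interface name `outside` is taken from the PIX config, and the `crypto map ... interface outside` line and the names `policy 5` and `ESP-AES256-SHA` are assumptions.

```cisco
! Added example for ASA 8.4 (IKEv1 syntax); not from the original posts.
! <REMOTE_PEER_IP> and <PSK> are placeholders to fill in.
!
! Interesting traffic: same networks as the PIX ACL (ASA syntax uses "extended")
access-list outside_cryptomap_19 extended permit ip 192.168.40.0 255.255.255.0 192.168.200.0 255.255.255.0
!
! Phase 1: direct translation of "isakmp policy 10" (still DES/MD5)
crypto ikev1 policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 enable outside
crypto isakmp identity address
crypto isakmp nat-traversal 20
!
! Phase 2: transform set and crypto map entry 19
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map_1 19 match address outside_cryptomap_19
crypto map outside_map_1 19 set peer <REMOTE_PEER_IP>
crypto map outside_map_1 19 set ikev1 transform-set ESP-DES-MD5
! Assumption: the map is bound to the outside interface
crypto map outside_map_1 interface outside
!
! The pre-shared key moves from "isakmp key" into a per-peer tunnel-group
tunnel-group <REMOTE_PEER_IP> type ipsec-l2l
tunnel-group <REMOTE_PEER_IP> ipsec-attributes
 ikev1 pre-shared-key <PSK>
!
! Stronger proposal (hypothetical names). The remote peer must offer
! matching Phase 1 and Phase 2 parameters before the crypto map is switched.
crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Then: crypto map outside_map_1 19 set ikev1 transform-set ESP-AES256-SHA
```

The lower-numbered policy is offered first, so policy 5 is preferred once both ends support it and policy 10 can then be removed.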
I'm running ASA 8.4.
So I have tried this via the ASDM and the CLI and still no joy, and I am thinking it is something to do with the fact that the ASA has the outside address of "188.8.131.52" but actually "184.108.40.206" is NAT'd to 192.168.0.1 and this is the actual outside interface address... If that makes sense.
Remote Outside IP: 220.127.116.11
Local Outside IP: 18.104.22.168 (but NAT'd to 192.168.0.1)
The remote L2L PIX 515E is expecting from 22.214.171.124
What's your config now? Crypto, tunnel-groups, NAT, ACLs.