
Site to Site VPN ASA 8.2(5)46 Can't use ikev1?

I'm new to Cisco ASAs and I'm trying to create a Site-to-Site VPN tunnel to another ASA, but I'm unable to create an ikev1 policy; it doesn't even give me the option to in the ASA running version 8.2(5)46. I have newer firewalls that are using this policy. Is ikev1 not possible with the version I'm running?


Jon Marshall

Michael

You only have the option of IKE v1 with your software as IKE v2 support was only added with software version 8.4.

So I suspect that is why you don't have the option of which version to use.

Jon

What would be the command? I have looked at the configuration in the 8.4 ASAs and this is what I have.

This doesn't work with 8.2:

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec ? no option for ikev1

Thanks,

Mike

Mike

The command would just be without the ikev1 because there is no choice on your ASA version.

So if there is no choice there is no option to specify which IKE version you want to use.

Am I misunderstanding your question?

Jon

Thanks Jon,

If I have the below config'd now:

crypto ipsec transform-set my_set esp-aes esp-md5-hmac
crypto map RS_VPN 136 match address vpn_my_vpnACL
crypto map RS_VPN 136 set pfs
crypto map RS_VPN 136 set peer 170.150.3.14
crypto map RS_VPN 136 set transform-set my_set
crypto map RS_VPN 136 set security-association lifetime seconds 43200
crypto map RS_VPN interface outside
crypto isakmp enable outside
crypto isakmp policy 100
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 43200
crypto isakmp am-disable
tunnel-group 170.150.3.14 type ipsec-l2l
tunnel-group 170.150.3.14 ipsec-attributes
 pre-shared-key ************************

The IKE and ipsec settings would be:

ike:   aes(128 default) md5 hash

ipsec:  aes(128 default) md5 hash

Would I need any other settings?  I'm trying to connect my ASA to a Siemens Ruggedcom Firewall, I need to provide my settings to the Ruggedcom team to match mine.


Thanks,

Mike

Mike

Send them all the settings because they will need to know things like PFS has been set, the group used and the security lifetimes etc.

Also send them the crypto map acls so they can match the remote and local subnets.

Obviously, if this is all by e-mail, don't send the key with this unless you are using encrypted mail.

Jon
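
An added example, not part of the original replies: a small Python script that builds the settings sheet described above from the configuration posted in the thread and leaves the pre-shared key out. The function names, the output labels and the placeholder key are assumptions made for this illustration.

```python
import re

# Constructed sample: the configuration lines posted in the thread above,
# with the masked pre-shared key replaced by a placeholder value.
SAMPLE_CONFIG = """\
crypto ipsec transform-set my_set esp-aes esp-md5-hmac
crypto map RS_VPN 136 match address vpn_my_vpnACL
crypto map RS_VPN 136 set pfs
crypto map RS_VPN 136 set peer 170.150.3.14
crypto map RS_VPN 136 set transform-set my_set
crypto map RS_VPN 136 set security-association lifetime seconds 43200
crypto isakmp policy 100
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 43200
tunnel-group 170.150.3.14 ipsec-attributes
 pre-shared-key PLACEHOLDER-NOT-A-REAL-KEY
"""

MAP_RE = re.compile(
    r"crypto map \S+ \d+ (match address|set pfs|set peer|set transform-set|"
    r"set security-association lifetime seconds)\s*(.*)")

def peer_sheet(config):
    """Collect the phase 1 / phase 2 settings the remote peer has to match."""
    sheet, in_policy = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level command: track context
            in_policy = line.startswith("crypto isakmp policy")
        if "pre-shared-key" in line:
            sheet["pre-shared-key"] = "<sent separately>"  # never copy the key
        elif in_policy and raw.startswith(" "):  # sub-command of the IKE policy
            key, _, value = line.partition(" ")
            sheet["ike " + key] = value
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            sheet["ipsec transform-set " + m.group(1)] = m.group(2)
        elif m := MAP_RE.match(line):
            sheet["ipsec " + m.group(1)] = m.group(2) or "enabled"
    return sheet

def render(sheet):
    return "\n".join(f"{name}: {value}" for name, value in sheet.items())

if __name__ == "__main__":
    print(render(peer_sheet(SAMPLE_CONFIG)))
```

The sample holds only the lines posted in the thread, so the sheet shows the crypto map ACL by name; the ACL entries themselves would have to be added from the running configuration.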
