04-16-2016 07:44 AM
Hello,
it has been asked me to configure on ASA a new vpn site-to-site. For this vpn I should set :
crypto isakmp identity address
crypto isakmp enable outside
.. from my configuration crypto isakmp identity is auto and crypto isakmp is not enabled on any interface. I have many vpn with ike enabled on outside interface. My question is : why should I enable isakmp on outside interface and mostly can it create disruptions to ike vpn that are already in place ?
Furthermore either group-policy or tunnel-group it has been asked me to configure, both have not ike indication. Never seen this kind of vpn configuration before, something new.
Thanks
Solved! Go to Solution.
04-16-2016 09:18 PM
Hi Giuseppe,
The command crypto
You also do not need to configure crypto
This command tells that the tunnel would be negotiated on the basis of IP address but since it is set to auto it will on it own do that so no need to specify this command.
Regards,
Aditya
Please rate helpful posts and mark correct answers.
04-16-2016 09:18 PM
Hi Giuseppe,
The command crypto
You also do not need to configure crypto
This command tells that the tunnel would be negotiated on the basis of IP address but since it is set to auto it will on it own do that so no need to specify this command.
Regards,
Aditya
Please rate helpful posts and mark correct answers.
04-18-2016 01:14 AM
Thanks for your answer Aditya but is it correct they didn't asked me to configure IKE either in group policy or tunnel group configuration?
Let me add a question : it has been also asked to configure a crypto isakmp policy but maybe (as you wrote) it's just the same as crypto ike policy ?
ps. I'm talking about configuring vpn to AWS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide