11-29-2017 07:36 AM - edited 03-12-2019 04:46 AM
I am in the middle of setting up an IPsec VPN with IKEv2, but my tunnel-group ipsec-attributes will not accept the
ikev2 command. Please refer to the output below:
------------------------------------------------------------------
Data-FW(config)# tunnel-group RAVPN ipsec-attributes
Data-FW(config-tunnel-ipsec)# ?
tunnel-group configuration commands:
  authorization-required  Require users to authorize successfully in order to
                          connect (DEPRECATED)
  chain                   Enable sending certificate chain
  exit                    Exit from tunnel-group IPSec attribute configuration
                          mode
  help                    Help for tunnel group configuration commands
  ikev1                   Configure IKEv1
  isakmp                  Configure ISAKMP policy
  no                      Remove an attribute value pair
  peer-id-validate        Validate identity of the peer using the peer's
                          certificate
  radius-with-expiry      Enable negotiation of password update during RADIUS
                          authentication (DEPRECATED)
---------------------------------------------------------------------------
12-07-2017 02:58 AM
To make things a little easier, I would like to provide further information on what I am trying to achieve. I am trying to set up VPN RA on an ASA5510 running ver 8.4(1).
I have decided to configure IKE version 2 with the template below:
hostname(config)# crypto ikev2 policy 1
hostname(config-ikev2-policy)# group 2
hostname(config-ikev2-policy)# integrity sha512
hostname(config-ikev2-policy)# prf sha512
hostname(config)# crypto ikev2 enable outside
hostname(config)# ip local pool POOL 192.168.0.10-192.168.0.15
hostname(config)# username testuser password 12345678
hostname(config)# crypto ipsec ikev2 ipsec-proposal AES256-SHA512
hostname(config-ipsec-proposal)# protocol esp encryption aes-256
hostname(config-ipsec-proposal)# protocol esp integrity sha-512
hostname(config)# tunnel-group RAVPN type remote-access
hostname(config)# tunnel-group RAVPN general-attributes
hostname(config-general)# address-pool POOL
????? hostname(config)# tunnel-group RAVPN ipsec-attributes ???????????
hostname(config-tunnel-ipsec)# ikev2 local-authentication pre-shared-key *******
hostname(config-tunnel-ipsec)# ikev2 remote-authentication pre-shared-key *********
hostname(config)# crypto dynamic-map DYNMAP 1 set ikev2 ipsec-proposal AES256-SHA512
hostname(config)# crypto dynamic-map DYNMAP 1 set reverse-route
hostname(config)# crypto map CMAP 1 ipsec-isakmp dynamic DYNMAP
hostname(config)# crypto map CMAP interface outside
The challenge is that when I get to this command:
????? hostname(config)# tunnel-group RAVPN ipsec-attributes ???????????
The next command below does not work.
hostname(config-tunnel-ipsec)# ikev2 local-authentication pre-shared-key *******
I am therefore stuck here. I need to get the VPN working ASAP.
Thanks for all the assistance.