cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
837
Views
0
Helpful
3
Replies

L2L ipsec vpn

xayavongp
Level 1
Level 1

Recently got blind-sided with ASA that no longer used isakmp, but ikev1 and ikev2 in its configs for the crypto portion.

Can anybody tell me if the L2L IPSec tunnel for ios version 15.3 (cisco 896VA) still uses "crypto isakmp" as the parameters?

I did see it on this guide, but again I don't know what ios version this guide is referencing.

http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/vpnezvpn.html

Should I be expecting to use crypto ikev2 ... or crypto ikev1... ? Sorry I do not have the router in front me but I know it is running code 15.3

Thanks,

Pete

3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Pete,

(Shameless plug)

https://supportforums.cisco.com/community/netpro/security/vpn/blog/2011/02/08/asa-84-ipsec-vpn--whats-new

IKEv1 syntax replaces more of ISAKMP commands on ASA, routers still usa isakmp.

The underlying operation on ASA did not change IKEv1/ISAKMP funcitons exactly the same way.

M.

Message was edited by: Marcin Latosiewicz, edited for clarity. 

although the command-syntax changed on the ASA, you still can configure it with the old syntax. The ASA will translate it automatically and when you do a show run, you see the new commands. But you don't have the help available with the old syntax.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

I believe I got the new ASA syntax properly configured.  I was wondering if the same was true of ios version 15.

We are trying to create a L2L IPsec VPN between the ASA and Cisco 896VA secure router, and preferably use ikev2.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: