Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- Technology and Support
- Security
- VPN
- ASA 5505 allows dynamic ipsec vpn + static ipsec vpn at the same time?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
423
Views
0
Helpful
1
Replies
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2014 06:47 PM - edited 02-21-2020 07:38 PM
Hello friends
Got an ASA5505 with 2 LAN-to-LAN vpn's. One of the remote sites need to be changed to a dynamic-to-static VPN, because of my dynamic IP address.
Just wanted to ask, if I can use the same cryptomap in my interface outside, as a dynamic crypto map?
Regards!
| ASAMTY# sh run |
| : Saved |
| : |
| ASA Version 8.2(5) |
| ! |
| hostname ASAMTY |
| enable password evi1ehtZe46b4AQU encrypted |
| passwd 2KFQnbNIdI.2KYOU encrypted |
| names |
| name X.X.X.X ASAFIREWALSLP description ASA IP PUBLICA SLP |
| name 10.0.81.0 Datos_SLP description LAN_Datos_SLP |
| name 10.0.82.0 Datos_SNP description LAN_Datos_SanPedro |
| name 10.1.80.0 Voz_MTY description LAN_Voz_MTY |
| name 10.1.81.0 Voz_SLP description LAN_Voz_SLP |
| name 10.1.82.0 Voz_SNP description LAN_Voz_SNP |
| name X.X.X.X IPPub_Serv_AdminPaq description Ip publica Servidor AdminPaq Prin |
| name 10.0.80.14 Serv_AdminPaq description Servidor AdminPaq Principal |
| name 10.0.80.15 Serv_AdminPaq2 description Servidor Backup AdminPaq |
| name 10.0.80.192 IP_Restriccion description Pool IP con restriccion internet |
| name 10.0.80.193 host_193 description Host_restriccion |
| name X.X.X.X IPPub_Serv_Antivirus description Servidor_Antivirus |
| name 10.0.80.91 Servidor_Antivirus description Servidor de Antivirus |
| name 10.0.80.24 MTYAD2012 description Servidor de Dominio (Active Directory) |
| name 10.0.80.23 MTYRDP2012 description Servidor de escritorio remoto (RDP) |
| name 10.0.80.20 MTYSQL2012 description Servidor de SQL |
| name 10.0.80.21 MTYAPP2012 description Servidor de aplicaciones (APP) |
| name 10.0.80.22 MTYEDI2012 description Servidor EDI |
| name X.X.X.X IPPub_MTYAD2012 description Servidor de Dominio (Active Directory) |
| name X.X.X.X IPPub_MTYAPP2012 description Servidor de aplicaciones (APP) |
| name X.X.X.X IPPub_MTYEDI2012 description Servidor EDI |
| name X.X.X.X IPPub_MTYRDP2012 description Servidor de escritorio remoto (RDP) |
| name X.X.X.X IPPub_MTYSQL2012 description Servidor de SQL |
| name X.X.X.X ASAFIREWALLSNP description ASA IP PUBLICA |
| ! |
| interface Ethernet0/0 |
| switchport access vlan 2 |
| ! |
| interface Ethernet0/1 |
| ! |
| interface Ethernet0/2 |
| ! |
| interface Ethernet0/3 |
| ! |
| interface Ethernet0/4 |
| ! |
| interface Ethernet0/5 |
| switchport access vlan 3 |
| ! |
| interface Ethernet0/6 |
| switchport access vlan 3 |
| ! |
| interface Ethernet0/7 |
| switchport access vlan 3 |
| ! |
| interface Vlan1 |
| no forward interface Vlan3 |
| nameif inside |
| security-level 100 |
| ip address 10.0.80.7 255.255.255.0 |
| ! |
| interface Vlan2 |
| nameif outside |
| security-level 0 |
| ip address X.X.X.X 255.255.255.240 |
| ! |
| interface Vlan3 |
| nameif voz |
| security-level 90 |
| ip address 10.1.80.7 255.255.255.0 |
| ! |
| regex office365-1 "\.live\.com" |
| regex office365-2 "\.lync\.com" |
| regex office365-3 "\.microsoft\.com" |
| regex office365-4 "\.microsoftonline" |
| regex office365-5 "\.msn\." |
| regex office365-6 "\.msecnd\.net" |
| regex office365-7 "\.msocdn\.com" |
| regex office365-8 "\.(office|office365|outlook|sharepoint|sharepointonline|windowsazure|phonefactor)\.(com|net)" |
| ftp mode passive |
| clock timezone CST -6 |
| clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00 |
| dns domain-lookup inside |
| dns domain-lookup outside |
| dns domain-lookup voz |
| object-group service RDP tcp |
| description Escritorio Remoto |
| port-object eq 3389 |
| object-group network DM_INLINE_NETWORK_4 |
| network-object host IPPub_Serv_AdminPaq |
| object-group protocol DM_INLINE_PROTOCOL_2 |
| protocol-object ip |
| protocol-object icmp |
| object-group network DM_INLINE_NETWORK_5 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_6 |
| network-object Datos_SNP 255.255.255.0 |
| network-object Voz_SNP 255.255.255.0 |
| object-group service DM_INLINE_SERVICE_1 |
| service-object ip |
| service-object udp |
| service-object tcp |
| service-object tcp-udp eq sip |
| service-object tcp eq h323 |
| service-object tcp eq www |
| service-object tcp eq sip |
| object-group service DM_INLINE_SERVICE_2 |
| service-object ip |
| service-object udp |
| service-object tcp |
| service-object tcp-udp eq sip |
| service-object tcp eq h323 |
| service-object tcp eq sip |
| object-group network DM_INLINE_NETWORK_10 |
| network-object Datos_SNP 255.255.255.0 |
| network-object Voz_SNP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_9 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_1 |
| network-object host IPPub_Serv_AdminPaq |
| object-group network DM_INLINE_NETWORK_8 |
| network-object Datos_SLP 255.255.255.0 |
| network-object Datos_SNP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_11 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_12 |
| network-object Datos_SLP 255.255.255.0 |
| network-object Voz_SLP 255.255.255.0 |
| object-group protocol TCPUDP |
| protocol-object udp |
| protocol-object tcp |
| object-group network DM_INLINE_NETWORK_2 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_3 |
| network-object Datos_SLP 255.255.255.0 |
| network-object Voz_SLP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_7 |
| network-object IP_Restriccion 255.255.255.224 |
| network-object host host_193 |
| object-group service Antivirus tcp |
| description puerto 4343 |
| port-object eq 4343 |
| port-object eq 8059 |
| object-group network DM_INLINE_NETWORK_13 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_14 |
| network-object Datos_SNP 255.255.255.0 |
| network-object Voz_SNP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_15 |
| network-object Datos_SLP 255.255.255.0 |
| network-object Datos_SNP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_16 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Datos_SLP 255.255.255.0 |
| network-object Datos_SNP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_17 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_18 |
| network-object Datos_SNP 255.255.255.0 |
| network-object Voz_SNP 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_20 |
| network-object 10.0.80.0 255.255.255.0 |
| network-object Voz_MTY 255.255.255.0 |
| object-group network DM_INLINE_NETWORK_23 |
| network-object Datos_SNP 255.255.255.0 |
| network-object Voz_SNP 255.255.255.0 |
| access-list inside_mpc remark Bloqueo de HTTP |
| access-list inside_mpc extended permit object-group TCPUDP object-group DM_INLINE_NETWORK_7 any eq www inactive |
| access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_10 |
| access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_12 |
| access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6 |
| access-list inside_nat0_outbound extended permit ip 10.0.80.0 255.255.255.0 10.0.80.248 255.255.255.248 |
| access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_13 object-group DM_INLINE_NETWORK_14 |
| access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_16 10.0.80.248 255.255.255.248 |
| access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_17 object-group DM_INLINE_NETWORK_18 |
| access-list inside_nat0_outbound extended permit ip Voz_MTY 255.255.255.0 Voz_SNP 255.255.255.0 |
| access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_3 |
| access-list outside_access_in_1 extended permit tcp any object-group DM_INLINE_NETWORK_4 object-group RDP |
| access-list outside_access_in_1 extended permit icmp any object-group DM_INLINE_NETWORK_1 |
| access-list outside_access_in_1 extended permit icmp any host IPPub_Serv_Antivirus |
| access-list outside_access_in_1 extended permit tcp any host IPPub_Serv_Antivirus object-group Antivirus |
| access-list outside_access_in_1 extended permit tcp any host IPPub_MTYAD2012 object-group RDP |
| access-list outside_access_in_1 extended permit icmp any host IPPub_MTYAD2012 |
| access-list outside_access_in_1 extended permit tcp any host IPPub_MTYAPP2012 object-group RDP |
| access-list outside_access_in_1 extended permit icmp any host IPPub_MTYAPP2012 |
| access-list outside_access_in_1 extended permit tcp any host IPPub_MTYEDI2012 object-group RDP |
| access-list outside_access_in_1 extended permit icmp any host IPPub_MTYEDI2012 |
| access-list outside_access_in_1 extended permit tcp any host IPPub_MTYRDP2012 object-group RDP |
| access-list outside_access_in_1 extended permit icmp any host IPPub_MTYRDP2012 |
| access-list outside_access_in_1 extended permit tcp any host IPPub_MTYSQL2012 object-group RDP |
| access-list outside_access_in_1 extended permit icmp any host IPPub_MTYSQL2012 |
| access-list outside_access_in_1 extended permit ip 10.0.80.248 255.255.255.248 any |
| access-list inside_access_in extended permit ip 10.0.80.0 255.255.255.0 object-group DM_INLINE_NETWORK_8 |
| access-list inside_access_in extended permit ip 10.0.80.248 255.255.255.248 object-group DM_INLINE_NETWORK_15 |
| access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any |
| access-list voz_access_in extended permit object-group DM_INLINE_SERVICE_1 any any |
| access-list VPN_Client_splitTunnelAcl standard permit 10.0.80.0 255.255.255.0 |
| access-list RA_VPN_ISGO_splitTunnelAcl standard permit 10.0.80.0 255.255.255.0 |
| access-list RA_VPN_ISGO_splitTunnelAcl standard permit Datos_SLP 255.255.255.0 |
| access-list RA_VPN_ISGO_splitTunnelAcl standard permit Datos_SNP 255.255.255.0 |
| access-list outside_3_cryptomap extended permit ip object-group DM_INLINE_NETWORK_20 object-group DM_INLINE_NETWORK_23 |
| access-list TCP-POLICE extended permit tcp any any |
| pager lines 24 |
| logging enable |
| logging list LOW level informational class ip |
| logging list LOW level informational class session |
| logging asdm LOW |
| mtu inside 1500 |
| mtu outside 1500 |
| mtu voz 1500 |
| ip local pool Test_Pool 10.0.82.100-10.0.82.150 mask 255.255.255.0 |
| ip local pool RemoteAccess 10.0.80.248-10.0.80.254 mask 255.255.255.0 |
| ip local pool Pool_Test 10.3.80.10-10.3.80.20 mask 255.255.255.0 |
| icmp unreachable rate-limit 1 burst-size 1 |
| no asdm history enable |
| arp timeout 14400 |
| global (outside) 1 X.X.X.X netmask 255.255.255.240 |
| nat (inside) 0 access-list inside_nat0_outbound |
| nat (inside) 1 10.0.80.0 255.255.255.0 |
| static (inside,outside) IPPub_Serv_AdminPaq Serv_AdminPaq netmask 255.255.255.255 |
| static (inside,outside) IPPub_Serv_Antivirus Servidor_Antivirus netmask 255.255.255.255 |
| static (inside,outside) IPPub_MTYAD2012 MTYAD2012 netmask 255.255.255.255 |
| static (inside,outside) IPPub_MTYAPP2012 MTYAPP2012 netmask 255.255.255.255 |
| static (inside,outside) IPPub_MTYEDI2012 MTYEDI2012 netmask 255.255.255.255 |
| static (inside,outside) IPPub_MTYRDP2012 MTYRDP2012 netmask 255.255.255.255 |
| static (inside,outside) IPPub_MTYSQL2012 MTYSQL2012 netmask 255.255.255.255 |
| access-group inside_access_in in interface inside |
| access-group outside_access_in_1 in interface outside |
| access-group voz_access_in in interface voz |
| route outside 0.0.0.0 0.0.0.0 X.X.X.X 1 |
| timeout xlate 3:00:00 |
| timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 |
| timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 |
| timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 |
| timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute |
| timeout tcp-proxy-reassembly 0:01:00 |
| timeout floating-conn 0:00:00 |
| dynamic-access-policy-record DfltAccessPolicy |
| aaa authentication ssh console LOCAL |
| aaa authentication enable console LOCAL |
| aaa authentication http console LOCAL |
| aaa authentication serial console LOCAL |
| aaa authentication telnet console LOCAL |
| aaa authorization command LOCAL |
| aaa authorization exec LOCAL |
| http server enable |
| http 0.0.0.0 0.0.0.0 outside |
| http 10.0.80.0 255.255.255.0 inside |
| no snmp-server location |
| no snmp-server contact |
| snmp-server enable traps snmp authentication linkup linkdown coldstart |
| crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac |
| crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac |
| crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac |
| crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac |
| crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac |
| crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac |
| crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac |
| crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac |
| crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac |
| crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport |
| crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac |
| crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac |
| crypto ipsec security-association lifetime seconds 28800 |
| crypto ipsec security-association lifetime kilobytes 4608000 |
| crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 match address outside_3_cryptomap |
| crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs |
| crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 |
| crypto map outside_map 2 match address outside_2_cryptomap |
| crypto map outside_map 2 set pfs |
| crypto map outside_map 2 set peer ASAFIREWALSLP |
| crypto map outside_map 2 set transform-set ESP-DES-SHA |
| crypto map outside_map 3 match address outside_3_cryptomap |
| crypto map outside_map 3 set pfs |
| crypto map outside_map 3 set peer ASAFIREWALLSNP |
| crypto map outside_map 3 set transform-set ESP-DES-SHA |
| crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP |
| crypto map outside_map interface outside |
| crypto isakmp enable outside |
| crypto isakmp policy 10 |
| authentication pre-share |
| encryption des |
| hash sha |
| group 2 |
| lifetime 86400 |
| crypto isakmp policy 30 |
| authentication pre-share |
| encryption 3des |
| hash sha |
| group 2 |
| lifetime 86400 |
| telnet 10.0.80.0 255.255.255.0 inside |
| telnet timeout 5 |
| ssh 0.0.0.0 0.0.0.0 outside |
| ssh timeout 5 |
| console timeout 0 |
| management-access inside |
| dhcpd address 10.0.80.100-10.0.80.200 inside |
| dhcpd dns MTYAD2012 X.X.X.X interface inside |
| dhcpd enable inside |
| ! |
| vpnclient server X.X.X.X |
| vpnclient mode client-mode |
| vpnclient vpngroup RemoteVPN password ***** |
| vpnclient username user password ***** |
| priority-queue outside |
| threat-detection basic-threat |
| threat-detection statistics access-list |
| no threat-detection statistics tcp-intercept |
| webvpn |
| svc image disk0:/anyconnect-win-3.1.04072-k9.zip 1 |
| svc enable |
| tunnel-group-list enable |
| group-policy DfltGrpPolicy attributes |
| vpn-tunnel-protocol IPSec svc |
| webvpn |
| url-list value Apps |
| group-policy RA_VPN_ISGO internal |
| group-policy RA_VPN_ISGO attributes |
| vpn-tunnel-protocol IPSec |
| split-tunnel-policy tunnelspecified |
| split-tunnel-network-list value VPN_Client_splitTunnelAcl |
| group-policy VPN_Dialups internal |
| group-policy VPN_Dialups attributes |
| dns-server value 8.8.8.8 8.8.4.4 |
| vpn-tunnel-protocol svc |
| split-tunnel-policy tunnelspecified |
| split-tunnel-network-list value VPN_Client_splitTunnelAcl |
| username cgonzalez password /GWSp5iP7vQ.gJaO encrypted privilege 15 |
| username migesa password vAg2TCOLcAfE9gEq encrypted privilege 15 |
| username jwong password Z/cxLBP4QHTrf1Fx encrypted |
| username jwong attributes |
| service-type remote-access |
| tunnel-group DefaultRAGroup ipsec-attributes |
| pre-shared-key ***** |
| tunnel-group DefaultRAGroup ppp-attributes |
| no authentication chap |
| authentication ms-chap-v2 |
| tunnel-group RA_VPN_ISGO type remote-access |
| tunnel-group RA_VPN_ISGO general-attributes |
| address-pool RemoteAccess |
| default-group-policy RA_VPN_ISGO |
| tunnel-group RA_VPN_ISGO ipsec-attributes |
| pre-shared-key ***** |
| tunnel-group X.X.X.X type ipsec-l2l |
| tunnel-group X.X.X.X ipsec-attributes |
| pre-shared-key ***** |
| tunnel-group X.X.X.X type ipsec-l2l |
| tunnel-group X.X.X.X ipsec-attributes |
| pre-shared-key ***** |
| tunnel-group VPN_Dialups type remote-access |
| tunnel-group VPN_Dialups general-attributes |
| address-pool RemoteAccess |
| default-group-policy VPN_Dialups |
| tunnel-group VPN_Dialups ipsec-attributes |
| pre-shared-key ***** |
| ! |
| class-map voice-class_snp |
| description QoS Trafico VPN SNP |
| match dscp ef |
| match tunnel-group X.X.X.X |
| class-map rest-class |
| match flow ip destination-address |
| match tunnel-group X.X.X.X |
| class-map http-class |
| match access-list inside_mpc |
| class-map rest-class_snp |
| match flow ip destination-address |
| match tunnel-group X.X.X.X |
| class-map type inspect http match-all asdm_medium_security_methods |
| match not request method head |
| match not request method post |
| match not request method get |
| class-map tcp-traffic-class |
| match access-list TCP-POLICE |
| class-map inspection_default |
| match default-inspection-traffic |
| class-map type inspect http match-all asdm_high_security_methods |
| match not request method head |
| match not request method get |
| class-map voice-class |
| description QoS Trafico VPN SLP |
| match dscp ef |
| match tunnel-group X.X.X.X |
| ! |
| ! |
| policy-map type inspect dns preset_dns_map |
| parameters |
| message-length maximum client auto |
| message-length maximum 512 |
| policy-map type inspect http Office365 |
| parameters |
| protocol-violation action drop-connection |
| class asdm_medium_security_methods |
| drop-connection |
| policy-map global_policy |
| class inspection_default |
| inspect dns preset_dns_map |
| inspect ftp |
| inspect h323 h225 |
| inspect h323 ras |
| inspect rsh |
| inspect rtsp |
| inspect esmtp |
| inspect sqlnet |
| inspect skinny |
| inspect sunrpc |
| inspect xdmcp |
| inspect sip |
| inspect netbios |
| inspect tftp |
| inspect ip-options |
| inspect icmp |
| inspect http |
| policy-map outside-policy |
| class voice-class_snp |
| priority |
| class voice-class |
| priority |
| class tcp-traffic-class |
| police output 1000000 |
| police input 1000000 |
| class rest-class |
| police output 1000000 |
| class rest-class_snp |
| class class-default |
| police input 1000000 |
| police output 1000000 |
| policy-map inside-policy |
| class http-class |
| inspect http Office365 |
| ! |
| service-policy global_policy global |
| service-policy inside-policy interface inside |
| service-policy outside-policy interface outside |
| privilege cmd level 3 mode exec command perfmon |
| privilege cmd level 3 mode exec command ping |
| privilege cmd level 3 mode exec command who |
| privilege cmd level 3 mode exec command logging |
| privilege cmd level 3 mode exec command failover |
| privilege cmd level 3 mode exec command packet-tracer |
| privilege show level 5 mode exec command import |
| privilege show level 5 mode exec command running-config |
| privilege show level 3 mode exec command reload |
| privilege show level 3 mode exec command mode |
| privilege show level 3 mode exec command firewall |
| privilege show level 3 mode exec command asp |
| privilege show level 3 mode exec command cpu |
| privilege show level 3 mode exec command interface |
| privilege show level 3 mode exec command clock |
| privilege show level 3 mode exec command dns-hosts |
| privilege show level 3 mode exec command access-list |
| privilege show level 3 mode exec command logging |
| privilege show level 3 mode exec command vlan |
| privilege show level 3 mode exec command ip |
| privilege show level 3 mode exec command ipv6 |
| privilege show level 3 mode exec command failover |
| privilege show level 3 mode exec command asdm |
| privilege show level 3 mode exec command arp |
| privilege show level 3 mode exec command route |
| privilege show level 3 mode exec command ospf |
| privilege show level 3 mode exec command aaa-server |
| privilege show level 3 mode exec command aaa |
| privilege show level 3 mode exec command eigrp |
| privilege show level 3 mode exec command crypto |
| privilege show level 3 mode exec command vpn-sessiondb |
| privilege show level 3 mode exec command ssh |
| privilege show level 3 mode exec command dhcpd |
| privilege show level 3 mode exec command vpnclient |
| privilege show level 3 mode exec command vpn |
| privilege show level 3 mode exec command blocks |
| privilege show level 3 mode exec command wccp |
| privilege show level 3 mode exec command dynamic-filter |
| privilege show level 3 mode exec command webvpn |
| privilege show level 3 mode exec command module |
| privilege show level 3 mode exec command uauth |
| privilege show level 3 mode exec command compression |
| privilege show level 3 mode configure command interface |
| privilege show level 3 mode configure command clock |
| privilege show level 3 mode configure command access-list |
| privilege show level 3 mode configure command logging |
| privilege show level 3 mode configure command ip |
| privilege show level 3 mode configure command failover |
| privilege show level 5 mode configure command asdm |
| privilege show level 3 mode configure command arp |
| privilege show level 3 mode configure command route |
| privilege show level 3 mode configure command aaa-server |
| privilege show level 3 mode configure command aaa |
| privilege show level 3 mode configure command crypto |
| privilege show level 3 mode configure command ssh |
| privilege show level 3 mode configure command dhcpd |
| privilege show level 5 mode configure command privilege |
| privilege clear level 3 mode exec command dns-hosts |
| privilege clear level 3 mode exec command logging |
| privilege clear level 3 mode exec command arp |
| privilege clear level 3 mode exec command aaa-server |
| privilege clear level 3 mode exec command crypto |
| privilege clear level 3 mode exec command dynamic-filter |
| privilege cmd level 3 mode configure command failover |
| privilege clear level 3 mode configure command logging |
| privilege clear level 3 mode configure command arp |
| privilege clear level 3 mode configure command crypto |
| privilege clear level 3 mode configure command aaa-server |
| prompt hostname context |
| no call-home reporting anonymous |
| Cryptochecksum:31cc225fbde09f7b351c913eef790d31 |
| : end |
| ASAMTY# |
Solved! Go to Solution.
Labels:
- Labels:
-
IPSEC
1 Accepted Solution
Accepted Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2014 08:51 PM
Hi Alex,
Since only one crypto map can be applied on an interface and only one dynamic map can be part of a crypto map.
Thus , you can use the same crypto map on outside interface to terminate static and dynamic L2L VPN tunnels.
Regards
Dinesh Moudgil
PS: Please mark the helpful posts
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
1 Reply 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2014 08:51 PM
Hi Alex,
Since only one crypto map can be applied on an interface and only one dynamic map can be part of a crypto map.
Thus , you can use the same crypto map on outside interface to terminate static and dynamic L2L VPN tunnels.
Regards
Dinesh Moudgil
PS: Please mark the helpful posts
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Customers Also Viewed These Support Documents