05-13-2014 06:47 PM - edited 02-21-2020 07:38 PM
Hello friends
Got an ASA5505 with 2 LAN-to-LAN VPNs. One of the remote sites needs to be changed to a dynamic-to-static VPN because of my dynamic IP address.
Just wanted to ask if I can use the same crypto map in my interface outside as a dynamic crypto map?
Regards!
ASAMTY# sh run
: Saved
:
ASA Version 8.2(5)
!
hostname ASAMTY
enable password evi1ehtZe46b4AQU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name X.X.X.X ASAFIREWALSLP description ASA IP PUBLICA SLP
name 10.0.81.0 Datos_SLP description LAN_Datos_SLP
name 10.0.82.0 Datos_SNP description LAN_Datos_SanPedro
name 10.1.80.0 Voz_MTY description LAN_Voz_MTY
name 10.1.81.0 Voz_SLP description LAN_Voz_SLP
name 10.1.82.0 Voz_SNP description LAN_Voz_SNP
name X.X.X.X IPPub_Serv_AdminPaq description Ip publica Servidor AdminPaq Prin
name 10.0.80.14 Serv_AdminPaq description Servidor AdminPaq Principal
name 10.0.80.15 Serv_AdminPaq2 description Servidor Backup AdminPaq
name 10.0.80.192 IP_Restriccion description Pool IP con restriccion internet
name 10.0.80.193 host_193 description Host_restriccion
name X.X.X.X IPPub_Serv_Antivirus description Servidor_Antivirus
name 10.0.80.91 Servidor_Antivirus description Servidor de Antivirus
name 10.0.80.24 MTYAD2012 description Servidor de Dominio (Active Directory)
name 10.0.80.23 MTYRDP2012 description Servidor de escritorio remoto (RDP)
name 10.0.80.20 MTYSQL2012 description Servidor de SQL
name 10.0.80.21 MTYAPP2012 description Servidor de aplicaciones (APP)
name 10.0.80.22 MTYEDI2012 description Servidor EDI
name X.X.X.X IPPub_MTYAD2012 description Servidor de Dominio (Active Directory)
name X.X.X.X IPPub_MTYAPP2012 description Servidor de aplicaciones (APP)
name X.X.X.X IPPub_MTYEDI2012 description Servidor EDI
name X.X.X.X IPPub_MTYRDP2012 description Servidor de escritorio remoto (RDP)
name X.X.X.X IPPub_MTYSQL2012 description Servidor de SQL
name X.X.X.X ASAFIREWALLSNP description ASA IP PUBLICA
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport access vlan 3
!
interface Ethernet0/6
 switchport access vlan 3
!
interface Ethernet0/7
 switchport access vlan 3
!
interface Vlan1
 no forward interface Vlan3
 nameif inside
 security-level 100
 ip address 10.0.80.7 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.240
!
interface Vlan3
 nameif voz
 security-level 90
 ip address 10.1.80.7 255.255.255.0
!
regex office365-1 "\.live\.com"
regex office365-2 "\.lync\.com"
regex office365-3 "\.microsoft\.com"
regex office365-4 "\.microsoftonline"
regex office365-5 "\.msn\."
regex office365-6 "\.msecnd\.net"
regex office365-7 "\.msocdn\.com"
regex office365-8 "\.(office|office365|outlook|sharepoint|sharepointonline|windowsazure|phonefactor)\.(com|net)"
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup voz
object-group service RDP tcp
 description Escritorio Remoto
 port-object eq 3389
object-group network DM_INLINE_NETWORK_4
 network-object host IPPub_Serv_AdminPaq
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
object-group network DM_INLINE_NETWORK_5
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_6
 network-object Datos_SNP 255.255.255.0
 network-object Voz_SNP 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object udp
 service-object tcp
 service-object tcp-udp eq sip
 service-object tcp eq h323
 service-object tcp eq www
 service-object tcp eq sip
object-group service DM_INLINE_SERVICE_2
 service-object ip
 service-object udp
 service-object tcp
 service-object tcp-udp eq sip
 service-object tcp eq h323
 service-object tcp eq sip
object-group network DM_INLINE_NETWORK_10
 network-object Datos_SNP 255.255.255.0
 network-object Voz_SNP 255.255.255.0
object-group network DM_INLINE_NETWORK_9
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object host IPPub_Serv_AdminPaq
object-group network DM_INLINE_NETWORK_8
 network-object Datos_SLP 255.255.255.0
 network-object Datos_SNP 255.255.255.0
object-group network DM_INLINE_NETWORK_11
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_12
 network-object Datos_SLP 255.255.255.0
 network-object Voz_SLP 255.255.255.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_2
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object Datos_SLP 255.255.255.0
 network-object Voz_SLP 255.255.255.0
object-group network DM_INLINE_NETWORK_7
 network-object IP_Restriccion 255.255.255.224
 network-object host host_193
object-group service Antivirus tcp
 description puerto 4343
 port-object eq 4343
 port-object eq 8059
object-group network DM_INLINE_NETWORK_13
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_14
 network-object Datos_SNP 255.255.255.0
 network-object Voz_SNP 255.255.255.0
object-group network DM_INLINE_NETWORK_15
 network-object Datos_SLP 255.255.255.0
 network-object Datos_SNP 255.255.255.0
object-group network DM_INLINE_NETWORK_16
 network-object 10.0.80.0 255.255.255.0
 network-object Datos_SLP 255.255.255.0
 network-object Datos_SNP 255.255.255.0
object-group network DM_INLINE_NETWORK_17
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_18
 network-object Datos_SNP 255.255.255.0
 network-object Voz_SNP 255.255.255.0
object-group network DM_INLINE_NETWORK_20
 network-object 10.0.80.0 255.255.255.0
 network-object Voz_MTY 255.255.255.0
object-group network DM_INLINE_NETWORK_23
 network-object Datos_SNP 255.255.255.0
 network-object Voz_SNP 255.255.255.0
access-list inside_mpc remark Bloqueo de HTTP
access-list inside_mpc extended permit object-group TCPUDP object-group DM_INLINE_NETWORK_7 any eq www inactive
access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_10
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_12
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list inside_nat0_outbound extended permit ip 10.0.80.0 255.255.255.0 10.0.80.248 255.255.255.248
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_13 object-group DM_INLINE_NETWORK_14
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_16 10.0.80.248 255.255.255.248
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_17 object-group DM_INLINE_NETWORK_18
access-list inside_nat0_outbound extended permit ip Voz_MTY 255.255.255.0 Voz_SNP 255.255.255.0
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_3
access-list outside_access_in_1 extended permit tcp any object-group DM_INLINE_NETWORK_4 object-group RDP
access-list outside_access_in_1 extended permit icmp any object-group DM_INLINE_NETWORK_1
access-list outside_access_in_1 extended permit icmp any host IPPub_Serv_Antivirus
access-list outside_access_in_1 extended permit tcp any host IPPub_Serv_Antivirus object-group Antivirus
access-list outside_access_in_1 extended permit tcp any host IPPub_MTYAD2012 object-group RDP
access-list outside_access_in_1 extended permit icmp any host IPPub_MTYAD2012
access-list outside_access_in_1 extended permit tcp any host IPPub_MTYAPP2012 object-group RDP
access-list outside_access_in_1 extended permit icmp any host IPPub_MTYAPP2012
access-list outside_access_in_1 extended permit tcp any host IPPub_MTYEDI2012 object-group RDP
access-list outside_access_in_1 extended permit icmp any host IPPub_MTYEDI2012
access-list outside_access_in_1 extended permit tcp any host IPPub_MTYRDP2012 object-group RDP
access-list outside_access_in_1 extended permit icmp any host IPPub_MTYRDP2012
access-list outside_access_in_1 extended permit tcp any host IPPub_MTYSQL2012 object-group RDP
access-list outside_access_in_1 extended permit icmp any host IPPub_MTYSQL2012
access-list outside_access_in_1 extended permit ip 10.0.80.248 255.255.255.248 any
access-list inside_access_in extended permit ip 10.0.80.0 255.255.255.0 object-group DM_INLINE_NETWORK_8
access-list inside_access_in extended permit ip 10.0.80.248 255.255.255.248 object-group DM_INLINE_NETWORK_15
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list voz_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
access-list VPN_Client_splitTunnelAcl standard permit 10.0.80.0 255.255.255.0
access-list RA_VPN_ISGO_splitTunnelAcl standard permit 10.0.80.0 255.255.255.0
access-list RA_VPN_ISGO_splitTunnelAcl standard permit Datos_SLP 255.255.255.0
access-list RA_VPN_ISGO_splitTunnelAcl standard permit Datos_SNP 255.255.255.0
access-list outside_3_cryptomap extended permit ip object-group DM_INLINE_NETWORK_20 object-group DM_INLINE_NETWORK_23
access-list TCP-POLICE extended permit tcp any any
pager lines 24
logging enable
logging list LOW level informational class ip
logging list LOW level informational class session
logging asdm LOW
mtu inside 1500
mtu outside 1500
mtu voz 1500
ip local pool Test_Pool 10.0.82.100-10.0.82.150 mask 255.255.255.0
ip local pool RemoteAccess 10.0.80.248-10.0.80.254 mask 255.255.255.0
ip local pool Pool_Test 10.3.80.10-10.3.80.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 X.X.X.X netmask 255.255.255.240
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.0.80.0 255.255.255.0
static (inside,outside) IPPub_Serv_AdminPaq Serv_AdminPaq netmask 255.255.255.255
static (inside,outside) IPPub_Serv_Antivirus Servidor_Antivirus netmask 255.255.255.255
static (inside,outside) IPPub_MTYAD2012 MTYAD2012 netmask 255.255.255.255
static (inside,outside) IPPub_MTYAPP2012 MTYAPP2012 netmask 255.255.255.255
static (inside,outside) IPPub_MTYEDI2012 MTYEDI2012 netmask 255.255.255.255
static (inside,outside) IPPub_MTYRDP2012 MTYRDP2012 netmask 255.255.255.255
static (inside,outside) IPPub_MTYSQL2012 MTYSQL2012 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in_1 in interface outside
access-group voz_access_in in interface voz
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.0.80.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 match address outside_3_cryptomap
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer ASAFIREWALSLP
crypto map outside_map 2 set transform-set ESP-DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer ASAFIREWALLSNP
crypto map outside_map 3 set transform-set ESP-DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 10.0.80.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 10.0.80.100-10.0.80.200 inside
dhcpd dns MTYAD2012 X.X.X.X interface inside
dhcpd enable inside
!
vpnclient server X.X.X.X
vpnclient mode client-mode
vpnclient vpngroup RemoteVPN password *****
vpnclient username user password *****
priority-queue outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 svc image disk0:/anyconnect-win-3.1.04072-k9.zip 1
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec svc
 webvpn
  url-list value Apps
group-policy RA_VPN_ISGO internal
group-policy RA_VPN_ISGO attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Client_splitTunnelAcl
group-policy VPN_Dialups internal
group-policy VPN_Dialups attributes
 dns-server value 8.8.8.8 8.8.4.4
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Client_splitTunnelAcl
username cgonzalez password /GWSp5iP7vQ.gJaO encrypted privilege 15
username migesa password vAg2TCOLcAfE9gEq encrypted privilege 15
username jwong password Z/cxLBP4QHTrf1Fx encrypted
username jwong attributes
 service-type remote-access
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
tunnel-group RA_VPN_ISGO type remote-access
tunnel-group RA_VPN_ISGO general-attributes
 address-pool RemoteAccess
 default-group-policy RA_VPN_ISGO
tunnel-group RA_VPN_ISGO ipsec-attributes
 pre-shared-key *****
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key *****
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key *****
tunnel-group VPN_Dialups type remote-access
tunnel-group VPN_Dialups general-attributes
 address-pool RemoteAccess
 default-group-policy VPN_Dialups
tunnel-group VPN_Dialups ipsec-attributes
 pre-shared-key *****
!
class-map voice-class_snp
 description QoS Trafico VPN SNP
 match dscp ef
 match tunnel-group X.X.X.X
class-map rest-class
 match flow ip destination-address
 match tunnel-group X.X.X.X
class-map http-class
 match access-list inside_mpc
class-map rest-class_snp
 match flow ip destination-address
 match tunnel-group X.X.X.X
class-map type inspect http match-all asdm_medium_security_methods
 match not request method head
 match not request method post
 match not request method get
class-map tcp-traffic-class
 match access-list TCP-POLICE
class-map inspection_default
 match default-inspection-traffic
class-map type inspect http match-all asdm_high_security_methods
 match not request method head
 match not request method get
class-map voice-class
 description QoS Trafico VPN SLP
 match dscp ef
 match tunnel-group X.X.X.X
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map type inspect http Office365
 parameters
  protocol-violation action drop-connection
 class asdm_medium_security_methods
  drop-connection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect http
policy-map outside-policy
 class voice-class_snp
  priority
 class voice-class
  priority
 class tcp-traffic-class
  police output 1000000
  police input 1000000
 class rest-class
  police output 1000000
 class rest-class_snp
 class class-default
  police input 1000000
  police output 1000000
policy-map inside-policy
 class http-class
  inspect http Office365
!
service-policy global_policy global
service-policy inside-policy interface inside
service-policy outside-policy interface outside
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:31cc225fbde09f7b351c913eef790d31
: end
ASAMTY#
05-17-2014 08:51 PM
Hi Alex,
Since only one crypto map can be applied on an interface and only one dynamic map can be part of a crypto map, you can use the same crypto map on the outside interface to terminate static and dynamic L2L VPN tunnels.
Regards
Dinesh Moudgil
PS: Please mark the helpful posts
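The layout described in this answer, checked against the poster's own crypto lines, as an added example that is not part of the original thread and not Cisco tooling. The function names and the two review checks (dynamic entry ordered after the static peers; a static entry reusing a dynamic map's ACL) are assumptions of this example; the sample is excerpted from the configuration posted in the question.

```python
import re

# Excerpt of the crypto-map lines from the configuration posted in the question.
POSTED = """\
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 match address outside_3_cryptomap
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer ASAFIREWALSLP
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer ASAFIREWALLSNP
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
"""

ENTRY = re.compile(r"^crypto (dynamic-map|map) (\S+) (\d+) (.+)$")
BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")


def parse(config):
    """Return (maps, dynmaps, bindings) built from the crypto lines of a config."""
    maps, dynmaps, bindings = {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        bind = BIND.match(line)
        if bind:
            bindings.setdefault(bind.group(2), []).append(bind.group(1))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        table = dynmaps if m.group(1) == "dynamic-map" else maps
        entry = table.setdefault(m.group(2), {}).setdefault(int(m.group(3)), {})
        words = m.group(4).split()
        if len(words) < 3:
            continue  # e.g. "set pfs": not needed for this summary
        if words[:2] == ["match", "address"]:
            entry["acl"] = words[2]
        elif words[:2] == ["set", "peer"]:
            entry["peer"] = words[2:]
        elif words[:2] == ["ipsec-isakmp", "dynamic"]:
            entry["dynamic"] = words[2]
    return maps, dynmaps, bindings


def audit(config):
    """List points to review where static and dynamic entries share one map."""
    maps, dynmaps, bindings = parse(config)
    findings = []
    for iface, names in bindings.items():
        if len(names) > 1:
            findings.append(f"{iface}: {len(names)} crypto maps bound, one is allowed")
        entries = maps.get(names[-1], {})
        static = {s: e for s, e in entries.items() if "peer" in e}
        dynamic = {s: e["dynamic"] for s, e in entries.items() if "dynamic" in e}
        if static and dynamic and min(dynamic) < max(static):
            findings.append(f"{names[-1]}: dynamic entry {min(dynamic)} is ordered "
                            f"before static entry {max(static)}")
        for dseq, dname in sorted(dynamic.items()):
            dyn_acls = {e["acl"] for e in dynmaps.get(dname, {}).values() if "acl" in e}
            for sseq, e in sorted(static.items()):
                if e.get("acl") in dyn_acls:
                    findings.append(f"{names[-1]}: static entry {sseq} and dynamic map "
                                    f"{dname} both match {e['acl']}")
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

On the posted lines it reports one point: static entry 3 and SYSTEM_DEFAULT_CRYPTO_MAP both match outside_3_cryptomap, which is the overlap to resolve if that site is the one becoming dynamic.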