cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
921
Views
0
Helpful
2
Replies

Build up vpn between ASA and VMware NSX

CY Ko
Level 1
Level 1

Hi everyone,

 

I am new asa user. I want to build up site to site VPN between ASA and VMware NSX, however, it is not working. Anyone can help me?

ASA version: 5515(9.6)

2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

You have not provided enough information, what you have tried, what is the error, what is the configuration put in both devices. it would be always nice to provide background information also what you have tried what failed.

 

here is the one of document for reference ASA with NSX edge

 

https://success.ilandcloud.com/articles/l2vpn-using-vmware-nsx-edges

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

CY Ko
Level 1
Level 1
This is my configuration on asa.
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
access-list l2l_list extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list l2l_list extended permit ip 192.168.1.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list l2l_list extended permit ip 192.168.1.0 255.255.255.0 192.168.95.0 255.255.255.0
tunnel-group 103.19.25.66 type ipsec-l2l
tunnel-group 103.19.25.66 ipsec-attributes
ikev1 pre-shared-key xxxxx
crypto map abcmap 1 match address l2l_list
crypto map abcmap 1 set peer NSX_Public_IP_Address
crypto map abcmap 1 set ikev1 transform-set FirstSet
crypto map abcmap 1 set pfs group2
crypto map abcmap interface outside2
nat (inside,outside) 1 source static obj-192.168.1.0 obj-192.168.1.0 destination static DC-10.10.20.0 DC-10.10.20.0 no-proxy-arp route-lookup
nat (inside,outside) 1 source static obj-192.168.1.0 obj-192.168.1.0 destination static DC-192.168.95.0 DC-192.168.95.0 no-proxy-arp route-lookup
nat (inside,outside) 1 source static obj-192.168.1.0 obj-192.168.1.0 destination static DC-10.10.10.0 DC-10.10.10.0 no-proxy-arp route-lookup

After that, I still cannot connect to opposite site.