03-01-2020 10:37 PM
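Hello
I'm Yu Youngjin
I have a question about a VPN connection.
I have configured a dynamic VPN, and I wonder whether a VPN session can be started with an ASA that doesn't know the peer information.
Thank you for your help.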
03-01-2020 10:54 PM
03-01-2020 11:06 PM
Cisco ASA IPsec VPN issue
Hello
I'm Yu Youngjin
I have a question about a VPN connection.
I've configured dynamic VPNs and I wonder if you can start a VPN session with an ASA that doesn't know peer information.
Thank you for your help.
---------------ASA(1)----------------
crypto ipsec ikev1 transform-set IPSEC_SA esp-aes esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DY-MAP 1 set ikev1 transform-set IPSEC_SA
crypto dynamic-map DY-MAP 1 set reverse-route
crypto map DY-MAP 1 ipsec-isakmp dynamic DY-MAP
crypto map DY-MAP interface outside
crypto ca trustpool policy
no crypto isakmp nat-traversal
crypto ikev1 enable outside
crypto ikev1 policy 100
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 3600
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****
---------------ASA(2)----------------
crypto ipsec ikev1 transform-set IPSEC_SA esp-aes esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map VPN_T 1 match address IPSEC_T
crypto map VPN_T 1 set peer 1.1.1.253
crypto map VPN_T 1 set ikev1 transform-set IPSEC_SA
crypto map VPN_T interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 3600
tunnel-group 1.1.1.253 type ipsec-l2l
tunnel-group 1.1.1.253 ipsec-attributes
 ikev1 pre-shared-key *****
03-01-2020 11:43 PM
03-01-2020 11:46 PM
So an ASA that doesn't know the peer can't form a session?
03-02-2020 12:30 AM
03-02-2020 01:38 AM
I want to know how to communicate over the VPN in both directions when a dynamic VPN is configured.
Not just one side, but both.
03-02-2020 02:22 AM
03-02-2020 02:49 AM
Always tell us how you can keep your VPN session.
Thank you very much for your help
03-02-2020 03:40 AM
03-02-2020 04:24 AM
Thank you for letting us know.
What happens if NTP is blocked?
Is there another way?
03-02-2020 09:39 AM
03-03-2020 09:07 PM
Remote is supposed to maintain a VPN
Thank you very much for your help