02-25-2016 01:49 AM
I am trying to set up Dynamic VPN site-to-site tunnels to our ASA with a static IP using the correct method from Cisco. We have been doing it for a few years, but apparently it's not the recommended way. We have been advised to use the DefaultL2LGroup method.
We have the standard template, but I cannot see how this will work without the access-lists we previously used.
---------
Template
---------
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map mymap 1 set transform-set myset
crypto dynamic-map mymap 1 set reverse-route
crypto map dyn-map 10 ipsec-isakmp dynamic mymap
crypto map dyn-map interface outside
!
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
!
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
---------
Previous config for access list
---------
crypto dynamic-map Site1 72 match address WAN_cryptomap_59
access-list WAN_cryptomap_59 extended permit ip object HQ object Site1
02-25-2016 09:25 AM
Hello
Please follow the document below:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119007-config-asa9x-ike-ipsec-00.html
Regards
#Rohan