cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2141
Views
0
Helpful
0
Replies
Highlighted
Beginner

IPSec VPN on Cisco ASA as Aggressive Mode

HOW to configure local and remote ID on Cisco ASA for Aggresive mode IKE ?

The ID must have a '@' symbol in it as required by other peer. I coulod not have this symbol in hostname of ASA like mycisco@branch ?

do i need to remove the peer IP address from crypto map in order to alolw it in aggressive mode ?

how to getrid of its outside private IP as a peer ID going to other end ? i want its ID as mycisco@branch

Below is a picture of my topology


HQ has cisco ASA behind the peplink-360 which is in VPN passthrough mode and forwarding all the VPN request/response/traffic through it. Branch has only peplink-310. Site-to-site VPN are terminating at ciscoASA and peplink-310.


HQ Peplink-360 has a static IP and Branch peplink-310 has PPPoE dialer but a fixed IP. As the Cisco ASA on HQ has a private address 172.16.1.2 on outside public interface and its gateway is 172.16.1.1(which is LAN of HQ Peplink-360)


GOAL:

things are not looking good as there is a double NAT here and a private IP on the ASA. troubleshooting results shows that on Branch Peplink-310: The peer ID is coming in as 172.16.1.2 (which is Cisco ASA outside and have crypto maps), and we require the ID to be 41.10.161.45(WAN IP on HQ Peplink-360) as per your configuration.

HQ Pepelink-360(which is in PASS through mode and has cisco ASA behind it for vpn termination)has a static IP. BUT the Branch Peplink-310(where VPN terminates) has a PPPoE dialer but a fixed IP address(can we count a fixed IP as a static IP and can have aggressive mode?)


I tried main mode for IKE1 but failed now configured the Branch Peplink-2 in aggressive mode but need assistance to configure ASA for Aggresive mode and dont know how to give it local/remote IDs...NO Success

Thank you in advance.

0 REPLIES 0
Content for Community-Ad