i am trying to configure a site to site vpn with a dynamic map, with ASA2 has the dhcp assigned on the outside interface. The underlying routing works fine. But when I applied the ASAs with my phase1 and phase2 configs. it stops working, not even pinging.
Thanks
Han
R1==ASA1-----ASA2=====R2
ASA1
crypto isakmp policy 5
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp enable outside
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key cisco
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map MAP-DYN 20 set transform-set myset
crypto map MAP-VPN 55 ipsec-isakmp dynamic MAP-DYN
crypto map MAP-VPN interface outside
============
crypto isakmp policy 15
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp enable outside
isakmp key cisco address 1.1.10.1
access-list 120 permit ip any any
access-list 120 permit icmp any any
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto map MAP-VPN 10 match address 120
crypto map MAP-VPN 10 set peer 1.1.10.1
crypto map MAP-VPN 10 set transform-set myset
crypto map MAP-VPN 10 set security-association lifetime kilobytes 10000
crypto map MAP-VPN interface outside