06-28-2018 02:44 AM - edited 03-12-2019 05:24 AM
Hi, we have two Cisco routers in our branches: ISR 886VA and ASA 5510.
Is it possible to create the Site-To-Site SSL VPN between them?
ASA1# sh ver Cisco Adaptive Security Appliance Software Version 9.1(7)15 Device Manager Version 7.8(2)151 Compiled on Tue 07-Mar-17 11:12 by builders System image file is "disk0:/asa917-15-k8.bin" Config file at boot was "startup-config" FRA-ASA1 up 103 days 17 hours Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz, Internal ATA Compact Flash, 256MB BIOS Flash M50FW016 @ 0xfff00000, 2048KB Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09 Number of accelerators: 1 0: Ext: Ethernet0/0 : address is 8843.e10c.2c50, irq 9 1: Ext: Ethernet0/1 : address is 8843.e10c.2c51, irq 9 2: Ext: Ethernet0/2 : address is 8843.e10c.2c52, irq 9 3: Ext: Ethernet0/3 : address is 8843.e10c.2c53, irq 9 4: Ext: Management0/0 : address is 8843.e10c.2c54, irq 11 5: Int: Not used : irq 11 6: Int: Not used : irq 5 Licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 100 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual Encryption-DES : Enabled perpetual Encryption-3DES-AES : Enabled perpetual Security Contexts : 2 perpetual GTP/GPRS : Disabled perpetual AnyConnect Premium Peers : 2 perpetual AnyConnect Essentials : Disabled perpetual Other VPN Peers : 250 perpetual Total VPN Peers : 250 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 2 perpetual Total UC Proxy Sessions : 2 perpetual Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual Cluster : Disabled perpetual This platform has an ASA 5510 Security Plus license. Serial Number: JMX1414L1E8 Running Permanent Activation Key: 0x863bd67b 0x14da2850 0x0132c460 0xda545c4c 0x8c31cab5 Configuration register is 0x1 Configuration last modified by enable_15 at 10:42:14.018 GMT Thu Apr 12 2018
ISR1#sh ver Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.3(3)M6, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Tue 04-Aug-15 05:50 by prod_rel_team ROM: System Bootstrap, Version 15.4(1r)T1, RELEASE SOFTWARE (fc1) xxxxxxxxxx.dyndns.org uptime is 2 days, 3 hours, 7 minutes System returned to ROM by power-on System restarted at 07:31:26 CET Tue Jun 26 2018 System image file is "flash:c800-universalk9-mz.SPA.153-3.M6.bin" Last reload type: Normal Reload Last reload reason: power-on This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco C886VA-K9 (revision 1.0) with 488524K/35763K bytes of memory. Processor board ID FCZ2044B08C 1 DSL controller 1 Ethernet interface 4 FastEthernet interfaces 1 ISDN Basic Rate interface 1 ATM interface 1 Virtual Private Network (VPN) Module DRAM configuration is 32 bits wide 255K bytes of non-volatile configuration memory. 254976K bytes of ATA System CompactFlash (Read/Write) License Info: License UDI: ------------------------------------------------- Device# PID SN ------------------------------------------------- *0 C886VA-K9 FCZ2044B08C License Information for 'c800' License Level: advipservices Type: Default. No valid license found. Next reboot license Level: advipservices
Configuration register is 0x2102
The Cisco ISR 886 has a dynamic IP, but it uses DynDNS service.
If it is possible how can configure it?
Thank you in advance!
Solved! Go to Solution.
06-28-2018 02:47 AM
06-28-2018 02:47 AM
06-28-2018 02:55 AM
Ok, then which kind of VPN can I use?
06-28-2018 03:00 AM - edited 06-28-2018 03:05 AM
As the ASA is running old firmware you can only setup a crypto map IPSec VPN.
If you were running ASA firmware 9.7+ (I don't think your 5510 supports that) you could also implement a VTI (virtual tunnel interface) running IKEv2.
HTH
06-28-2018 03:00 AM
I found this article. Does it suit for ISR 800?
06-28-2018 03:05 AM
06-28-2018 03:07 AM
The ISR has
Version 15.4(1r)T1
so, i will try.
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide