Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
659
Views
0
Helpful
1
Replies

VPN site to site

mohamed.ali
Level 1
Level 1

‎12-10-2017 01:43 PM - edited ‎03-12-2019 04:49 AM

Dears i confugre the below on my ASA

 

 

access-list ACL_PROXY_ACL extended permit ip 10.10.10.10 255.255.255.255 44.44.44.44 255.255.255.255

!

crypto ipsec ikev1 transform-set TSET_TO_BRANCH esp-aes 256 esp-sha256-hmac

 

!

crypto map CMAP_VPN 10 match address ACL_PROXY_ACL

crypto map CMAP_VPN 10 set peer xx.xx.xxx.xx

crypto map CMAP_VPN 10 set ikev1 transform-set TSET_TO_BRANCH

crypto map CMAP_VPN interface OUTSIDE

!

crypto ikev1 enable OUTSIDE

!

crypto ikev1 policy 10

 authentication pre-share

 encryption aes

 hash md5

 group 5

 lifetime 86400

!

!

tunnel-group xx.xx.xxx.xx type ipsec-l2l

tunnel-group xx.xx.xxx.xx ipsec-attributes

 ikev1 pre-shared-key CISCO






xx.xx.xxx.xx  my peer 


please i have a problem that the tunnel didn't get up..

so where is the problem, any nat rule must i add ?

thanks


Labels:
0 Helpful
1 Reply 1

Flavio Miranda
VIP
VIP

‎12-10-2017 03:04 PM

Hi @mohamed.ali

 

show crypto ipsec sa

show crypto isamak sa

 

Share the output.

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents