12-07-2016 09:27 PM
Dear All,
I would like to setup a L2L VPN with my partner which is using a third party product.
They have provided me the Phase I & II information and also include the Local and Remote identifier.
Kindly advice where should I enter the Remote identifier parameter, I cannot find it anywhere in ASDM.
Thank you
JC
12-07-2016 11:20 PM
Hello Mable,
I don't normally use ASDM for configuration unless I have to. But if you have access to ASA CLI, you can just type this command in the config mode "vpnsetup site-to-site steps" and you can just copy the output on a notepad and make changes according to your network.
12-08-2016 10:41 PM
Dear Cofee,
Thank you for the advice,
kindly refer to the following from "vpnsetup site-to-site setps", I could not find any parameter referring to the Remote identifier or Peer identifier
Steps to configure a site-to-site IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown
interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
3. Configure transform-set
crypto ipsec transform-set myset esp-aes esp-sha-hmac
4. Configure ACL
access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 1
92.168.50.0 255.255.255.0
5. Configure Tunnel group
tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
pre-shared-key P@rtn3rNetw0rk
6. Configure crypto map and attach to interface
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
7. Enable isakmp on interface
crypto isakmp enable outside
12-09-2016 08:07 AM
Hi Mable,
This is where you need to set the remote peer:
5. Configure Tunnel group
tunnel-group remote_address type ipsec-l2l
tunnel-group remote_address ipsec-attributes
pre-shared-key remote_key
crypto map mymap 10 set peer remote_address
Please let me know if this answers your question.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide