Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
923
Views
0
Helpful
3
Replies

Where to enable the remote identifier

mable
Level 1
Level 1

‎12-07-2016 09:27 PM

Dear All,

I would like to setup a L2L VPN with my partner which is using a third party product.

They have provided me the Phase I & II information and also include the Local and Remote identifier.

Kindly advice where should I enter the Remote identifier parameter, I cannot find it anywhere in ASDM.

Thank you

JC

Labels:
0 Helpful
3 Replies 3

cofee
Level 5
Level 5

‎12-07-2016 11:20 PM

Hello Mable,

I don't normally use ASDM for configuration unless I have to. But if you have access to ASA CLI, you can just type this command in the config mode "vpnsetup site-to-site steps" and you can just copy the output on a notepad and make changes according to your network.

0 Helpful

mable
Level 1
Level 1
In response to cofee

‎12-08-2016 10:41 PM

Dear Cofee,

Thank you for the advice,

kindly refer to the following from "vpnsetup site-to-site setps", I could not find any parameter referring to the Remote identifier or Peer identifier

Steps to configure a site-to-site IKE/IPSec connection with examples:

1. Configure Interfaces

interface GigabitEthernet0/0
ip address 10.10.4.200 255.255.255.0
nameif outside
no shutdown

interface GigabitEthernet0/1
ip address 192.168.0.20 255.255.255.0
nameif inside
no shutdown

2. Configure ISAKMP policy

crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha

3. Configure transform-set

crypto ipsec transform-set myset esp-aes esp-sha-hmac

4. Configure ACL

access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 1
92.168.50.0 255.255.255.0

5. Configure Tunnel group

tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
pre-shared-key P@rtn3rNetw0rk

6. Configure crypto map and attach to interface

crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside

7. Enable isakmp on interface

crypto isakmp enable outside

0 Helpful

cofee
Level 5
Level 5
In response to mable

‎12-09-2016 08:07 AM

Hi Mable,

This is where you need to set the remote peer:

5. Configure Tunnel group

tunnel-group remote_address type ipsec-l2l
tunnel-group remote_address ipsec-attributes
pre-shared-key remote_key

crypto map mymap 10 set peer remote_address

Please let me know if this answers your question.

0 Helpful
Customers Also Viewed These Support Documents