the ipsec vpn does not work

Status
Not open for further replies.

shouldit

IS-IT--Management
Feb 9, 2009
2
ASA Version 7.0(7)
interface Ethernet0/0
nameif outside
security-level 0
ip address *.*.*.* 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.26.9.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only

clock timezone cq 8
access-list nonat extended permit ip 172.26.9.0 255.255.255.0 192.168.129.0 255.255.255.0
asdm image disk0:/asdm-507.bin
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 172.26.9.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 *.*.*.* 1
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map dymap 10 set transform-set ESP-DES-MD5
crypto dynamic-map dymap 10 set reverse-route
crypto map mymap 65535 ipsec-isakmp dynamic dymap
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *


ASA Version 8.0(3)
interface Ethernet0/0
nameif outside
security-level 0
pppoe client vpdn group jtqy
ip address pppoe setroute
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.129.1 255.255.255.0


access-list vpn extended permit ip 192.168.129.0 255.255.255.0 172.26.9.0 255.255.255.0
access-list nonat extended permit ip 192.168.129.0 255.255.255.0 172.26.9.0 255.255.255.0

global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.129.0 255.255.255.0


crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 match address vpn
crypto map mymap 10 set peer 221.5.*.*
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 30
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
no crypto isakmp nat-traversal

vpdn group jtqy request dialout pppoe
vpdn group jtqy localname ********
vpdn group jtqy ppp authentication pap
vpdn username ******** password *********

threat-detection basic-threat
threat-detection statistics access-list

tunnel-group 221.5.*.* type ipsec-l2l
tunnel-group 221.5.*.* ipsec-attributes
pre-shared-key *
 
A description of the problem besides "it doesn't work" would be nice. From what I can see, your first ASA (the v7.0(7)) is set up for remote access but not L2L VPN. Try and mimic your second ASA config on the first one (obviously you'll change the source and destination addresses as well as the tunnel-group name).

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
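The comparison suggested in the reply above can be scripted; the following is an added example, not code from either poster, that checks whether two ASA configs agree on IKE phase 1 and transform sets and whether the first has the L2L pieces the second has. FIRST and SECOND are constructed excerpts of the two posted configs (addresses masked as on the page, sub-commands indented as the ASA prints them), and the function names are hypothetical.

```python
import re
# Constructed excerpts of the two posted configs (addresses masked as on the page).
FIRST = """crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map dymap 10 set transform-set ESP-DES-MD5
crypto map mymap 65535 ipsec-isakmp dynamic dymap
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
tunnel-group DefaultRAGroup ipsec-attributes"""
SECOND = """crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 match address vpn
crypto map mymap 10 set peer 221.5.*.*
crypto map mymap 10 set transform-set myset
crypto isakmp policy 30
 authentication pre-share
 encryption des
 hash md5
 group 2
tunnel-group 221.5.*.* type ipsec-l2l"""

def summarize(cfg):
    """Pull out the IKE/IPsec settings that both ends of an L2L tunnel must share."""
    p1, nested = set(), False
    for line in cfg.splitlines():
        flat = re.match(r"(?:crypto )?isakmp policy \d+ (\w+) (\S+)", line)
        if flat:                                  # 7.0 style: one setting per line
            p1.add(flat.groups())
        elif nested and line.startswith(" "):     # 8.0 style: indented sub-command
            p1.add(tuple(line.split()[:2]))
        else:                                     # any other line opens or closes a block
            nested = bool(re.match(r"crypto isakmp policy \d+$", line))
    return {
        "phase1": p1,
        "transforms": set(re.findall(r"transform-set \S+ (esp-\S+ esp-\S+)", cfg)),
        "set peer": bool(re.search(r"crypto map \S+ \d+ set peer ", cfg)),
        "match address": bool(re.search(r"crypto map \S+ \d+ match address ", cfg)),
        "type ipsec-l2l": bool(re.search(r"tunnel-group \S+ type ipsec-l2l", cfg)),
    }

def l2l_findings(first, second):
    """List what `first` lacks or has different, using `second` as the reference."""
    a, b = summarize(first), summarize(second)
    out = ["phase 1 policy differs"] if a["phase1"] != b["phase1"] else []
    if not a["transforms"] & b["transforms"]:
        out.append("no common transform set")
    out += [f"missing: {k}" for k in ("set peer", "match address", "type ipsec-l2l")
            if b[k] and not a[k]]
    return out
```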