We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 644 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

463 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. Hi Rene,

    I can’t understand How ASA1 recognizes dynamically the peer IP address with the command

    ASA1(config)# tunnel-group DefaultL2LGroup ipsec-attributes

    and

    ASA1(config)# tunnel-group ASA1_ASA2 type ipsec-l2l
    ASA1(config)# tunnel-group ASA1_ASA2 ipsec-attributes
    

    Could you please help me to describe how they are working ??

    br/
    zaman

  2. Hi Zaman,

    On ASA2 you will find this line:

    ASA2(config)# crypto isakmp identity key-id ASA1_ASA2

    When ASA2 tries to connect to ASA1, it will use “ASA1_ASA2” to identify itself. This will help ASA1 to decide which tunnel group to pick:

    ASA1(config)# tunnel-group ASA1_ASA2 type ipsec-l2l

    ASA1 will accept connections from any IP address.

    Rene

  3. Thanks for all the explanations, but please I have a question "should my WAN LINK caries a public IP address or should I assign any?

  4. Hello Rene,

    Can this setup be applied to an ASA with a static then IKEV1 tunnels to dynamic Cisco 871 routers?

    Thanks!
    Jesse

5 more replies! Ask a question or join the discussion by visiting our Community Forum