We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 625 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

405 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. Hi Rene,

    I can’t understand How ASA1 recognizes dynamically the peer IP address with the command

    ASA1(config)# tunnel-group DefaultL2LGroup ipsec-attributes

    and

    ASA1(config)# tunnel-group ASA1_ASA2 type ipsec-l2l
    ASA1(config)# tunnel-group ASA1_ASA2 ipsec-attributes
    

    Could you please help me to describe how they are working ??

    br/
    zaman

  2. Thanks for all the explanations, but please I have a question "should my WAN LINK caries a public IP address or should I assign any?

  3. Hello Rene,

    Can this setup be applied to an ASA with a static then IKEV1 tunnels to dynamic Cisco 871 routers?

    Thanks!
    Jesse

  4. Hi John,

    For your access-lists, something like this should work:

    ASA-1:
    access-list ASA1_ASA2 extended permit ip 172.16.32.0 255.255.255.0 any

    ASA-2:
    access-list ASA2_ASA1 extended permit ip any 172.16.32.0 255.255.255.0

    This allows all hosts in the 172.16.32.0/24 subnet to go through the VPN tunnel to any destination (including the Internet). Don’t forget to configure NAT somewhere…like those routers.

    About adding that second peer, is there any overlap with your crypto map (or access-lists) that could cause this? Make sure each peer “lands” on the correct tunnel group.

    Rene

5 more replies! Ask a question or join the discussion by visiting our Community Forum