ASA:dynamic map entry before regular map.

From: Ajay mehra (ajaymehra01@gmail.com)
Date: Mon Dec 29 2008 - 15:23:59 ARST

• Next message: CiSco Champ: "CCIE RS LAB in Jan/Feb 2009"
• Previous message: Josh Covarrubias: "Re: MERRY CHRISTMAS to one and all"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Freinds,

ASA is configured correctly to support remote access VPN clients as well as
for a lan to lan tunnel to another ASA. I spent half day trouble shooting
why the L2L tunnel did not come up until I had a look at the Solution guide
which has Dynamic map entry applied after L2L crypto map.

ASA2:

crypto map VPN 100 ipsec-isakmp dynamic DYNAMIC (this is for RA)

and

crypto map VPN 10 ...args (for l2l , remote node is ASA1)

I could not figure out why L2L tunnel did not come up when I had dynamic
entry applied before L2L entry and both were using different Transform Set.

When tunnel is initiated from ASA1 then should not it move to next VPN entry
if the transform set did not match in the dynamic map?

-Ajay

Blogs and organic groups at http://www.ccie.net

• Next message: CiSco Champ: "CCIE RS LAB in Jan/Feb 2009"
• Previous message: Josh Covarrubias: "Re: MERRY CHRISTMAS to one and all"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:10 ARST