rootdet
just joined
Topic Author
Posts: 11
Joined: Thu Jun 17, 2010 6:21 pm

IPSEC to ASA

Tue Jan 12, 2021 9:37 am

Hi all,

Looking to do an IPSEC to an ASA already configured. However, I am struggling with getting the phase 1 and 2 settings to match. Right now it simply does not come up.



My local subnet: 10.90.1.12/32,10.90.2.7/32
Remote Subnet: 10.40.5.1,10.40.5.78
MY IP: 10.253.10.3


The OLD ASA config (Mikrotik replaced the box)

crypto ipsec ikev1 transform-set aes256-md5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal PS-AP
 protocol esp encryption 3des
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto map VPN 10 match address PS-AP-VPN
crypto map VPN 10 set peer 10.253.10.2
crypto map VPN 10 set ikev1 transform-set aes256-md5
crypto map VPN 10 set ikev2 ipsec-proposal PS-AP
crypto map VPN 10 set ikev2 pre-shared-key [1234]
crypto map VPN interface outside
crypto ca trustpool policy
crypto ikev2 policy 2
 encryption 3des
 integrity sha
 group 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400

tunnel-group 10.253.10.2 type ipsec-l2l
tunnel-group 10.253.10.2 ipsec-attributes
 ikev1 pre-shared-key [1234]
 ikev2 remote-authentication pre-shared-key [1234]
 ikev2 local-authentication pre-shared-key [1234]
!
 
sindy
Forum Guru
Posts: 6660
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPSEC to ASA

Tue Jan 12, 2021 10:51 am

Where's the Mikrotik configuration you've set up so far?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
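
Added example, not part of the post above: one way to script the find-and-replace step so that every distinct public IPv4 address in an export is consistently replaced by a pattern such as my.public.ip.1 while private addresses stay readable. The function name `mask_public_ips` and the sample export lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; each one is validated with ipaddress before masking.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample input (not a real export); 1.1.1.1 and 8.8.8.8 stand in
# for the public addresses that would identify the poster.
SAMPLE_EXPORT = """\
/ip address add address=1.1.1.1/30 interface=ether1
/ip ipsec peer add address=8.8.8.8/32 name=asa
/ip firewall filter add chain=input src-address=8.8.8.8 protocol=ipsec-esp action=accept
/ip ipsec policy add peer=asa tunnel=yes src-address=10.90.1.12/32 dst-address=10.40.5.1/32
"""


def mask_public_ips(text, prefix="my.public.ip."):
    """Return (masked_text, mapping); each distinct public IPv4 gets prefix+N."""
    mapping = {}

    def repl(match):
        raw = match.group(1)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # not a valid address (e.g. 999.1.1.1), leave untouched
        if not addr.is_global:
            return raw  # private, loopback, link-local etc. are kept as-is
        if raw not in mapping:
            mapping[raw] = f"{prefix}{len(mapping) + 1}"
        return mapping[raw]  # same address always maps to the same pattern

    return IPV4_RE.sub(repl, text), mapping


if __name__ == "__main__":
    masked, mapping = mask_public_ips(SAMPLE_EXPORT)
    print(masked)
    print(mapping)  # keep this table private; it reverses the masking
```

Because the same address always maps to the same placeholder, readers of the masked export can still see which peer, firewall rule and interface address refer to each other.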
