Looking to do an IPSEC to an ASA already configured. However, I am struggling with getting the phase 1 and 2 settings to match. Right now it simply does not come up.
My local subnet: 10.90.1.12/32,10.90.2.7/32
Remote Subnet: 10.40.5.1,10.40.5.78
MY IP: 10.253.10.3
The OLD ASA config (Mikrotik replaced the box)
crypto ipsec ikev1 transform-set aes256-md5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal PS-AP
 protocol esp encryption 3des
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto map VPN 10 match address PS-AP-VPN
crypto map VPN 10 set peer 10.253.10.2
crypto map VPN 10 set ikev1 transform-set aes256-md5
crypto map VPN 10 set ikev2 ipsec-proposal PS-AP
crypto map VPN 10 set ikev2 pre-shared-key [1234]
crypto map VPN interface outside
crypto ca trustpool policy
crypto ikev2 policy 2
 encryption 3des
 integrity sha
 group 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
tunnel-group 10.253.10.2 type ipsec-l2l
tunnel-group 10.253.10.2 ipsec-attributes
 ikev1 pre-shared-key [1234]
 ikev2 remote-authentication pre-shared-key [1234]
 ikev2 local-authentication pre-shared-key [1234]
!
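
An added example, not part of the original post: a small Python parser that reads the IKEv1 lines of the ASA config above and returns the phase 1 and phase 2 values the other end has to offer, written with the value names RouterOS uses under `/ip ipsec profile` and `/ip ipsec proposal`. The function names, the mapping tables and the trimmed sample input are assumptions of this example.

```python
import re

# Constructed input: IKEv1 lines from the ASA config in the post, keys left out.
ASA_CONFIG = """\
crypto ipsec ikev1 transform-set aes256-md5 esp-aes-256 esp-md5-hmac
crypto ikev2 policy 2
encryption 3des
group 2
crypto ikev1 policy 5
encryption aes-256
hash md5
group 2
lifetime 86400
"""

# ASA keyword -> RouterOS value (/ip ipsec profile and /ip ipsec proposal).
DH = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}
IKE = {"encryption": ("enc-algorithm", {"aes": "aes-128", "aes-192": "aes-192",
                                        "aes-256": "aes-256", "3des": "3des"}),
       "hash": ("hash-algorithm", {"md5": "md5", "sha": "sha1"}),
       "group": ("dh-group", DH)}
ESP_ENC = {"esp-aes": "aes-128-cbc", "esp-aes-256": "aes-256-cbc", "esp-3des": "3des"}
ESP_AUTH = {"esp-md5-hmac": "md5", "esp-sha-hmac": "sha1"}
LEGACY = {"md5", "3des", "modp768", "modp1024"}  # kept only to match an old peer

def parse_asa_ikev1(config):
    """Return (phase1, phase2) dicts of the values the other end must offer."""
    p1, p2, in_policy = {}, {"pfs-group": "none"}, False  # no "set pfs" = no PFS
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if line.startswith("crypto "):
            in_policy = line.startswith("crypto ikev1 policy ")
            m = re.match(r"crypto ipsec ikev1 transform-set \S+ (\S+) (\S+)$", line)
            if m:
                p2["enc-algorithms"] = ESP_ENC[m.group(1)]
                p2["auth-algorithms"] = ESP_AUTH[m.group(2)]
            m = re.match(r"crypto map \S+ \d+ set pfs group(\d+)$", line)
            if m:
                p2["pfs-group"] = DH[m.group(1)]
        elif in_policy and len(words) == 2 and words[0] in IKE:
            name, table = IKE[words[0]]
            p1[name] = table[words[1]]
        elif in_policy and len(words) == 2 and words[0] == "lifetime":
            p1["lifetime-seconds"] = int(words[1])
    return p1, p2

def legacy_items(*settings):  # values that are legacy algorithms or DH groups
    return sorted({v for s in settings for v in s.values() if v in LEGACY})

print(*parse_asa_ikev1(ASA_CONFIG), sep="\n")
```

The crypto map in the post has no `set pfs` line, so the phase 2 result carries `pfs-group` `none`; the proposal on the other end has to be set to the same value explicitly.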