[c-nsp] ASA doesn't like ipsec...

Ge Moua moua0100 at umn.edu
Thu Sep 25 13:31:43 EDT 2008


Sounds like a good request for feature to Cisco.  I'm for it, I like to do
IPSec in multiple context so I can tie them to different VRF upstream; or
better yet support for VRF-Aware IPSec on the ASA in multiple context mode.



Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
 
-----Original Message-----
From: Ge Moua [mailto:moua0100 at umn.edu] 
Sent: Thursday, September 25, 2008 12:22 PM
To: 'david raistrick'; 'cisco-nsp at puck.nether.net'
Subject: RE: [c-nsp] ASA doesn't like ipsec...

I believe IPSec on the ASA will only run in single/routed mode.  Try that.


Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of david raistrick
Sent: Thursday, September 25, 2008 12:15 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA doesn't like ipsec...


Guys,

Trying to turn up a VPN on a newly reinstalled (and out of support) pair of
ASA 5520s.

They're running in multiple context mode, and active/standby.

I've searched and searched to no avail, but man this seems familiar..

Running 8.04. In ASDM there is no VPN wizard to try (only setup and HA).


Step 2 of vpnsetup site-to-site steps:

oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10
                                      ^
ERROR: % Invalid input detected at '^' marker.
oma-i33-fw1/oma-prod(config)#


The only crypto options I have are:

oma-i33-fw1/oma-prod(config)# crypto ?

configure mode commands/options:
   ca   Certification authority
   key  Long term key operations
oma-i33-fw1/oma-prod(config)# crypto






wtf?   anyone?

Licensed features for this user context:
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
GTP/GPRS                     : Disabled


And from the system side:

oma-i33-fw1# sh ver | inc VPN
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
VPN Peers                    : 750
WebVPN Peers                 : 2
This platform has an ASA 5520 VPN Plus license.
oma-i33-fw1#






---
david raistrick        http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org             http://www.expita.com/nomime.html

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


