[c-nsp] terminating many l2l tunnels on an ASA
Alex Balashov
abalashov at evaristesys.com
Fri Sep 19 01:46:59 EDT 2008
Well, the ASAs do have a nice Java GUI with a high level of
sophistication similar to the PIX's and VPN Concentrators'. That can
definitely help cut down on management clutter, and is the easier way to
manage an ASA anyhow, seeing as its config format is just as abstruse
and different from everything IOS as PIX.

Ryan wrote:
> Hey everyone, question for those of you who may have already suffered this
> unfortunate fate -
>
> Background:
>
> I have about 150 site to site VPN tunnels I need to terminate for an ASA.
> Zero (yes, zero) of the remote end devices are Cisco. I do not have any
> control over these devices. Everything is the same except for the remote
> subnets, and obviously the peer IPs. Encryption, PSK, etc. all matching.
>
> One of the requirements is that the tunnel is able to be brought up by
> generating traffic from my side (kind of shoots down a dynamic L2L I
> -think-)
>
> I am using a Cisco ASA 5520 with a VPN Plus license. I don't have the option
> of purchasing anything else to help with this.
>
> The actual question:
>
> Does anyone know of a decent way to bring these up without cluttering my
> config with 1000+ lines of ACL, tunnel-group config, etc?
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599