[c-nsp] terminating many l2l tunnels on an ASA

Christian Koch christian at broknrobot.com
Fri Sep 19 20:53:56 EDT 2008


I don't believe that is what he is asking..

The way I interpreted his question was if there is a way to
consolidate his configuration...

Something like using peer-groups and peer-templates with BGP to group
identical-configuration-items...

If so, I don't know of any way to do so.. but if there is one, would love to know

Christian




On 9/19/08, Alex Balashov <abalashov at evaristesys.com> wrote:
> Well, the ASAs do have a nice Java GUI with a high level of
> sophistication similar to the PIX's and VPN Concentrators.  That can
> definitely help cut down on management clutter, and is the easier way to
> manage an ASA anyhow, seeing as its config format is just as abstruse
> and different from everything IOS as PIX.
>
> Ryan wrote:
>
>> Hey everyone, question for those of you who may have already suffered this
>> unfortunate fate -
>>
>> Background:
>>
>> I have about 150 site to site VPN tunnels I need to terminate for an ASA.
>> Zero (yes, zero) of the remote end devices are Cisco. I do not have any
>> control over these devices. Everything is the same except for the remote
>> subnets, and obviously the peer IPs. Encryption, PSK, etc. all matching.
>>
>> One of the requirements is that the tunnel is able to be brought up by
>> generating traffic from my side (kind of shoots down a dynamic L2L I
>> -think-)
>>
>> I am using a Cisco ASA 5520 with a VPN Plus license. I don't have the
>> option of purchasing anything else to help with this.
>>
>> The actual question:
>>
>> Does anyone know of a decent way to bring these up without cluttering my
>> config with 1000+ lines of ACL, tunnel-group config, etc?
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> --
> Alex Balashov
> Evariste Systems
> Web    : http://www.evaristesys.com/
> Tel    : (+1) (678) 954-0670
> Direct : (+1) (678) 954-0671
> Mobile : (+1) (706) 338-8599
>

-- 
Sent from my mobile device

