[c-nsp] ASA doesn't like ipsec...
david raistrick
drais at icantclick.org
Thu Sep 25 13:14:39 EDT 2008
Guys,
Trying to turn up a vpn on a newly reinstalled (and out of support) pair
of asa 5520s.
They're running in multiple context mode, and active/standby.
I've searched and searched to no avail, but man this seems familiar..
running 8.04. in ASDM there is no VPN wizard to try. (only setup and
HA).
Step 2 of vpnsetup site-to-site steps:
oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10
^
ERROR: % Invalid input detected at '^' marker.
oma-i33-fw1/oma-prod(config)#
The only crypto options I have are:
oma-i33-fw1/oma-prod(config)# crypto ?
configure mode commands/options:
ca Certification authority
key Long term key operations
oma-i33-fw1/oma-prod(config)# crypto
wtf? anyone?
Licensed features for this user context:
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
GTP/GPRS : Disabled
And from the system side:
oma-i33-fw1# sh ver | inc VPN
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
oma-i33-fw1#
---
david raistrick http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org http://www.expita.com/nomime.html
More information about the cisco-nsp
mailing list