[c-nsp] ASA doesn't like ipsec...

Scott McGrath mcgrath at fas.harvard.edu
Thu Sep 25 13:21:11 EDT 2008


VPN is a single context feature

david raistrick wrote:
>
> Guys,
>
> Trying to turn up a vpn on a newly reinstalled (and out of support) 
> pair of asa 5520s.
>
> They're running in multiple context mode, and active/standby.
>
> I've searched and searched to no avail, but man this seems familiar..
>
> running 8.04.   in ASDM there is no VPN wizard to try. (only setup and 
> HA).
>
>
> Step 2 of vpnsetup site-to-site steps:
>
> oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10
>                                      ^
> ERROR: % Invalid input detected at '^' marker.
> oma-i33-fw1/oma-prod(config)#
>
>
> The only crypto options I have are:
>
> oma-i33-fw1/oma-prod(config)# crypto ?
>
> configure mode commands/options:
>   ca   Certification authority
>   key  Long term key operations
> oma-i33-fw1/oma-prod(config)# crypto
>
>
>
>
>
>
> wtf?   anyone?
>
> Licensed features for this user context:
> Failover                     : Active/Active
> VPN-DES                      : Enabled
> VPN-3DES-AES                 : Enabled
> GTP/GPRS                     : Disabled
>
>
> And from the system side:
>
> oma-i33-fw1# sh ver | inc VPN
> VPN-DES                      : Enabled
> VPN-3DES-AES                 : Enabled
> VPN Peers                    : 750
> WebVPN Peers                 : 2
> This platform has an ASA 5520 VPN Plus license.
> oma-i33-fw1#
>
>
>
>
>
>
> ---
> david raistrick        http://www.netmeister.org/news/learn2quote.html
> drais at icantclick.org             http://www.expita.com/nomime.html
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list