[c-nsp] ASA doesn't like ipsec...
Ge Moua
moua0100 at umn.edu
Thu Sep 25 13:22:03 EDT 2008
I believe IPSec on the ASA will only run in single/routed mode. Try that.
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of david raistrick
Sent: Thursday, September 25, 2008 12:15 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA doesn't like ipsec...
Guys,
Trying to turn up a vpn on a newly reinstalled (and out of support) pair of
asa 5520s.
They're running in multiple context mode, and active/standby.
I've searched and searched to no avail, but man this seems familiar..
running 8.04. in ASDM there is no VPN wizard to try. (only setup and
HA).
Step 2 of vpnsetup site-to-site steps:
oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10
^
ERROR: % Invalid input detected at '^' marker.
oma-i33-fw1/oma-prod(config)#
The only crypto options I have are:
oma-i33-fw1/oma-prod(config)# crypto ?
configure mode commands/options:
ca Certification authority
key Long term key operations
oma-i33-fw1/oma-prod(config)# crypto
wtf? anyone?
Licensed features for this user context:
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
GTP/GPRS : Disabled
And from the system side:
oma-i33-fw1# sh ver | inc VPN
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
oma-i33-fw1#
---
david raistrick http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org http://www.expita.com/nomime.html
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list