[c-nsp] ASA doesn't like ipsec...
jason.plank at comcast.net
jason.plank at comcast.net
Thu Sep 25 13:23:49 EDT 2008
I'm pretty sure that you are out of luck if you are using multiple contexts.
--
Regards,
Jason Plank
CCIE #16560
e: jason.plank at comcast.net
-------------- Original message ----------------------
From: david raistrick <drais at icantclick.org>
>
> Guys,
>
> Trying to turn up a vpn on a newly reinstalled (and out of support) pair
> of asa 5520s.
>
> They're running in multiple context mode, and active/standby.
>
> I've searched and searched to no avail, but man this seems familiar..
>
> running 8.04. in ASDM there is no VPN wizard to try. (only setup and
> HA).
>
>
> Step 2 of vpnsetup site-to-site steps:
>
> oma-i33-fw1/oma-prod(config)# crypto isakmp policy 10
> ^
> ERROR: % Invalid input detected at '^' marker.
> oma-i33-fw1/oma-prod(config)#
>
>
> The only crypto options I have are:
>
> oma-i33-fw1/oma-prod(config)# crypto ?
>
> configure mode commands/options:
> ca Certification authority
> key Long term key operations
> oma-i33-fw1/oma-prod(config)# crypto
>
>
>
>
>
>
> wtf? anyone?
>
> Licensed features for this user context:
> Failover : Active/Active
> VPN-DES : Enabled
> VPN-3DES-AES : Enabled
> GTP/GPRS : Disabled
>
>
> And from the system side:
>
> oma-i33-fw1# sh ver | inc VPN
> VPN-DES : Enabled
> VPN-3DES-AES : Enabled
> VPN Peers : 750
> WebVPN Peers : 2
> This platform has an ASA 5520 VPN Plus license.
> oma-i33-fw1#
>
>
>
>
>
>
> ---
> david raistrick http://www.netmeister.org/news/learn2quote.html
> drais at icantclick.org http://www.expita.com/nomime.html
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list