[c-nsp] IOS/ASA VPN interop question

Tom Devries Tom.Devries at rci.rogers.com
Wed Oct 27 11:40:33 EDT 2010


Hi,

This is more of an interop question.  When trying to establish a vpn
between a J series SRX device and a C series IOS/ASA device, does anyone
know if the C device will accept a proxy id of 0.0.0.0/0.0.0.0/0 in the
SA creation?

Reason I ask is in J series SRX "route-based" vpn the proxy ID's for
local/remote/service will be zero'd by default, and also when there are
multiple networks behind the SRX that need encryption.

If anyone has done a J series route based vpn to C series IOS/ASA, I'd
be curious if you managed to establish SAs without specifying proxy-id
on the J side?  Is GRE my only real option?

Thanks,
Tom
-------------- next part --------------

This e-mail (and attachment(s)) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this e-mail or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. E-mails are not secure and you are deemed to have accepted any risk if you communicate with us by e-mail. If received in error, please notify us immediately and delete the e-mail (and any attachments) from any computer or any storage medium without printing a copy.

Ce courriel (ainsi que ses pi?ces jointes) est confidentiel, exclusif, et peut faire l?objet de droit d?auteur et de privil?ge juridique; aucun droit connexe n?est exclu. Si vous n??tes pas le destinataire vis? ou son repr?sentant, toute ?tude, diffusion, transmission ou copie de ce courriel en tout ou en partie, est strictement interdite et peut ?tre ill?gale. Tous les messages peuvent ?tre surveill?s, selon les lois et r?glements applicables et les politiques de protection de notre entreprise. Les courriels ne sont pas s?curis?s et vous ?tes r?put?s avoir accept? tous les risques qui y sont li?s si vous choisissez de communiquer avec nous par ce moyen. Si vous avez re?u ce message par erreur, veuillez nous en aviser imm?diatement et supprimer ce courriel (ainsi que toutes ses pi?ces jointes) de tout ordinateur ou support de donn?es sans en imprimer une copie. 


More information about the cisco-nsp mailing list