[c-nsp] IOS/ASA VPN interop question

Tom Devries Tom.Devries at rci.rogers.com
Wed Oct 27 12:49:27 EDT 2010


Thanks!  For some reason this didn't occur to me but seems this should
work.

Tom

-----Original Message-----
From: Ryan West [mailto:rwest at zyedge.com] 
Sent: October-27-10 12:09 PM
To: Tom Devries; cisco-nsp at puck.nether.net
Subject: RE: IOS/ASA VPN interop question

Tom,

>From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tom Devries
>Sent: Wednesday, October 27, 2010 11:41 AM
>
>Hi,
>
>This is more of an interop question.  When trying to establish a vpn between a J series SRX device and a C series IOS/ASA device, does anyone know if the C device will accept a proxy id of 0.0.0.0/0.0.0.0/0 in the SA creation?

I've done this with an SSG in the past, it was pretty ugly, but I
blocked all address ranges from being considered interesting traffic
with denies in the beginning and then included my interesting with an
any any at the end.

object-group network cust_exclude
 network-object 0.0.0.0 128.0.0.0
.....
 network-object 192.0.0.0 192.0.0.0

access-list cust_vpn deny ip any obj cust_exclude
access-list cust_vpn permit ip any any

-ryan
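
Added example, not part of the original thread or any vendor tooling: a Python sketch that computes the exclusion list for the deny-then-permit crypto ACL described above, i.e. every IPv4 prefix outside the interesting networks, and prints it as network-object lines. The function names and the 172.16.10.0/24 prefix are constructed for illustration; the ACL line spells out "object-group" rather than the abbreviated "obj".

```python
import ipaddress

def exclusion_prefixes(interesting):
    """Minimal IPv4 prefixes covering everything except the interesting networks."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for net in map(ipaddress.ip_network, interesting):
        kept = []
        for block in remaining:
            if net.supernet_of(block):
                continue                      # block is entirely interesting: drop it
            if block.supernet_of(net):
                # carve the interesting prefix out of this block
                kept.extend(block.address_exclude(net))
            else:
                kept.append(block)            # disjoint: stays excluded
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def render_asa(interesting, group="cust_exclude", acl="cust_vpn"):
    """Object-group plus the two-line crypto ACL, in the form used in the post."""
    lines = [f"object-group network {group}"]
    for p in exclusion_prefixes(interesting):
        lines.append(f" network-object {p.network_address} {p.netmask}")
    lines.append(f"access-list {acl} deny ip any object-group {group}")
    lines.append(f"access-list {acl} permit ip any any")
    return lines

def covers_exactly(interesting):
    """Check: exclusions never overlap interesting space and leave no gap."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in interesting))
    excl = exclusion_prefixes(interesting)
    no_overlap = not any(e.overlaps(n) for e in excl for n in nets)
    total = sum(e.num_addresses for e in excl) + sum(n.num_addresses for n in nets)
    return no_overlap and total == 2 ** 32

if __name__ == "__main__":
    sample = ["172.16.10.0/24"]               # constructed interesting network
    print("\n".join(render_asa(sample)))
    print("coverage check:", covers_exactly(sample))
```

A single /24 of interesting traffic yields 24 network-object entries, one per prefix bit, so review the generated list against the platform's ACL limits before applying it.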
