[j-nsp] Help with vpn srx - asa

Ben Dale bdale at comlinx.com.au
Mon Mar 5 08:55:06 EST 2012


If that is the actual config off the ASA, then another thing that may be affecting connectivity:

> crypto map foo 5 match address MYACL
> crypto map foo 5 set pfs <--------
> crypto map foo 5 set peer x.y.w.z
> crypto map foo 5 set transform-set ipsec-p2
> crypto map foo interface outside

you have PFS turned on - either turn it off on the ASA, or configure it on the SRX:

set security ipsec policy  ipsec_pol_lan2remote perfect-forward-secrecy keys group2

Ben


More information about the juniper-nsp mailing list