[j-nsp] Help with vpn srx - asa
Ben Dale
bdale at comlinx.com.au
Mon Mar 5 08:55:06 EST 2012
If that is the actual config off the ASA, then another thing that may be affecting connectivity:
> crypto map foo 5 match address MYACL
> crypto map foo 5 set pfs <--------
> crypto map foo 5 set peer x.y.w.z
> crypto map foo 5 set transform-set ipsec-p2
> crypto map foo interface outside
you have PFS turned on - either turn it off on the ASA, or configure it on the SRX:
set security ipsec policy ipsec_pol_lan2remote perfect-forward-secrecy keys group2
Ben
More information about the juniper-nsp
mailing list