[j-nsp] Help with vpn srx - asa

bizza bizzam at gmail.com
Mon Mar 5 09:07:02 EST 2012


On Mon, Mar 5, 2012 at 2:55 PM, Ben Dale <bdale at comlinx.com.au> wrote:
> If that is the actual config off the ASA, then another thing that may be affecting connectivity:
>
>> crypto map foo 5 match address MYACL
>> crypto map foo 5 set pfs <--------
>> crypto map foo 5 set peer x.y.w.z
>> crypto map foo 5 set transform-set ipsec-p2
>> crypto map foo interface outside
>
> you have PFS turned on - either turn it off on the ASA, or configure it on the SRX:
>
> set security ipsec policy ipsec_pol_lan2remote perfect-forward-secrecy keys group2

Thank you, Ben. I'm still waiting for the other side to change
the ASA configuration, but now I suppose that all works fine.

regards
Marco
-- 
bizza
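
The phase 2 PFS mismatch discussed in this thread, as an added example that is not part of the original messages: a small check that reads the ASA crypto map lines and the SRX `set` commands and reports whether both peers agree on PFS. Assumptions: a bare `set pfs` is treated as DH group 2 (matching the `group2` suggested in the reply), and the `proposals p2` line and the function names are constructed for illustration.

```python
import re

# Assumption: on ASA releases of this era a bare "set pfs" means DH group 2,
# which is why the reply pairs it with "keys group2" on the SRX.
ASA_DEFAULT_PFS = "group2"

def asa_pfs(config):
    """Map (crypto map name, sequence) -> PFS group, or None when PFS is off."""
    entries = {}
    for line in config.splitlines():
        if m := re.match(r"\s*crypto map (\S+) (\d+) (.+)", line):
            key = (m.group(1), int(m.group(2)))
            entries.setdefault(key, None)
            if pfs := re.match(r"set pfs(?:\s+(group\d+))?\s*$", m.group(3)):
                entries[key] = pfs.group(1) or ASA_DEFAULT_PFS
    return entries

def srx_pfs(config):
    """Map IPsec policy name -> PFS group, or None when PFS is off."""
    policies = {}
    for line in config.splitlines():
        if m := re.match(r"\s*set security ipsec policy\s+(\S+)\s+(.*)", line):
            policies.setdefault(m.group(1), None)
            if pfs := re.match(r"perfect-forward-secrecy keys (group\d+)", m.group(2)):
                policies[m.group(1)] = pfs.group(1)
    return policies

def pfs_mismatch(asa_group, srx_group):
    """Return a description of the mismatch, or None when both sides agree."""
    if asa_group == srx_group:
        return None
    return f"PFS mismatch: ASA={asa_group or 'off'} SRX={srx_group or 'off'}"

# Constructed sample configs based on the lines quoted in the thread.
ASA = """crypto map foo 5 match address MYACL
crypto map foo 5 set pfs
crypto map foo 5 set peer x.y.w.z
crypto map foo 5 set transform-set ipsec-p2
crypto map foo interface outside"""
SRX_BEFORE = "set security ipsec policy ipsec_pol_lan2remote proposals p2"
SRX_AFTER = SRX_BEFORE + "\nset security ipsec policy ipsec_pol_lan2remote perfect-forward-secrecy keys group2"

if __name__ == "__main__":
    asa = asa_pfs(ASA)[("foo", 5)]
    for label, cfg in (("before", SRX_BEFORE), ("after", SRX_AFTER)):
        print(label, pfs_mismatch(asa, srx_pfs(cfg)["ipsec_pol_lan2remote"]) or "PFS matches")
```
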