
VPN on ASA5510 from Static to Multiple Dynamic peers.

Post by Guest » Sun Jan 09, 2011 2:10 pm

Dear all,

I have the following configuration:

crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400
crypto isakmp policy 20
     authentication pre-share
     encryption des
     hash md5
     group 2
     lifetime 86400

tunnel-group DefaultL2LGroup ipsec-attributes
     pre-shared-key *************

This configuration is working for a single dynamic peer, and it actually works also if I add peers with the same pre-shared-key.

However, I would like to add different tunnel groups for many different dynamic peers in order to have a different pre-shared key for each one; I tried many times but I cannot even see phase 1 working.

Can someone help me with this?

Many thanks.

Guest

Re:VPN on ASA5510 from Static to Multiple Dynamic peers.

Post by Guest » Sun Jan 09, 2011 3:32 pm

You would only need to configure 1 dynamic map for all the different groups to connect.

To configure different pre-shared keys, you can create multiple tunnel-groups.

Example:

tunnel-group <name-of-new-group> type remote-access
tunnel-group <name-of-new-group> ipsec-attributes
     pre-shared-key <the-actual-preshared-key>

So to put it into context:

tunnel-group group-A type remote-access
tunnel-group group-A ipsec-attributes
     pre-shared-key group-A-password

tunnel-group group-B type remote-access
tunnel-group group-B ipsec-attributes
     pre-shared-key group-B-password

So for group-A, the group name that you enter into the VPN client will be group-A, and the pre-shared key is group-A-password.

Hope that helps.

Guest
 

Re:VPN on ASA5510 from Static to Multiple Dynamic peers.

Post by Guest » Sun Jan 09, 2011 4:24 pm

Hi Jennifer,

Thanks for the reply.

Maybe I explained myself badly: the multiple dynamic peers aren't users but SOHO routers (like ZyXEL, Netgear); it's not possible to use the VPN client with them.

My doubt is whether it's possible to do this kind of configuration.

Many thanks.

Luca

Guest
 

Re:VPN on ASA5510 from Static to Multiple Dynamic peers.

Post by Guest » Sun Jan 09, 2011 4:39 pm

If it's a dynamic-to-static LAN-to-LAN IPsec tunnel, then the answer is no, you can define different pre-shared-key for dynamic LAN-to-LAN tunnels because the peer IP address could be different. However, if the peer address is static, then you can create a static crypto map (however, that requires static configuration for each remote peer).

Guest
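
An added example, not part of the thread and not Cisco tooling: a small Python audit that reads an ASA configuration like the one in the first post and reports when a dynamic crypto map is bound to an interface while DefaultL2LGroup holds a pre-shared key, the situation in which every dynamic LAN-to-LAN peer authenticates with the same key. The function name `audit`, the `WEAK` algorithm policy and the sample text are assumptions of this example.

```python
# Constructed sample: the first post's configuration (key masked) plus one
# remote-access group from the second post.
SAMPLE = """\
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
crypto isakmp policy 10
 encryption 3des
 hash md5
crypto isakmp policy 20
 encryption des
 hash md5
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *****
tunnel-group group-A type remote-access
tunnel-group group-A ipsec-attributes
 pre-shared-key *****
"""

# Assumption of this example: algorithms treated as weak for IKE phase 1.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}}

def audit(config):
    """Return (findings, tunnel groups that carry a pre-shared key)."""
    findings, psk_groups = [], set()
    dyn_maps, applied, ctx = set(), set(), None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "tunnel-group":
            # Only the ipsec-attributes sub-mode holds the pre-shared key.
            ctx = ("tg", w[1]) if w[2:3] == ["ipsec-attributes"] else None
        elif w[:3] == ["crypto", "isakmp", "policy"] and len(w) == 4:
            ctx = ("ike", w[3])
        elif w[0] == "crypto":
            ctx = None
            if w[1:2] == ["map"] and "dynamic" in w[4:]:
                dyn_maps.add(w[2])   # entry that accepts unknown peer addresses
            elif w[1:2] == ["map"] and w[3:4] == ["interface"]:
                applied.add(w[2])    # map is bound to an interface
        elif ctx and ctx[0] == "tg" and w[0] == "pre-shared-key":
            psk_groups.add(ctx[1])
        elif ctx and ctx[0] == "ike" and w[1:] and w[1] in WEAK.get(w[0], ()):
            findings.append(f"IKE policy {ctx[1]}: weak {w[0]} {w[1]}")
    if dyn_maps & applied and "DefaultL2LGroup" in psk_groups:
        findings.append("dynamic LAN-to-LAN peers all share the DefaultL2LGroup key")
    return findings, sorted(psk_groups)

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```

The parser ignores indentation, so it also accepts a configuration pasted without it.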
 


