Job Search, Job Listing, Opportunity
Work at home job, job vacancy
find a job, vacancy list, cari lowongan
Butuh, Segera, secretary, director
« MERRY CHRISTMAS to one and all
CCIE RS LAB in Jan/Feb 2009 »

ASA:dynamic map entry before regular map.

December 29, 2008 @ 1:09 pm · Filed under CCIE Study


Hello Freinds,
ASA is configured correctly to support remote access VPN clients as well as for a lan to lan tunnel to another ASA. I spent half day trouble shooting why the L2L tunnel did not come up until I had a look at the Solution guide which has Dynamic map entry applied after L2L crypto map.
ASA2:
crypto map VPN 100 ipsec-isakmp dynamic DYNAMIC (this is for RA)
and
crypto map VPN 10 …args (for l2l , remote node is ASA1)
I could not figure out why L2L tunnel did not come up when I had dynamic entry applied before L2L entry and both were using different Transform Set.
When tunnel is initiated from ASA1 then should not it move to next VPN entry if the transform set did not match in the dynamic map?

-Ajay
Blogs and organic groups at http://www.ccie.net

Bookmark this post:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb
keywords found: remote figure blogs spent trouble access solution 

Leave a Comment

Related Post