
tunnel protection ipsec profile vtiprofile
crypto ipsec ikev2 ipsec-proposal vtiproposal
Note: As of code 9.8.1, IKEv2 is now supported as well. If you’re interested in the IKEv2 version of the config, please see below:

Assume this is just one side, and the other ASA’s WAN IP is 2.0.0.2 in the example below.

tunnel protection ipsec profile IPSECPROF
set security-association lifetime seconds 86400
set security-association lifetime kilobytes unlimited

The first command clamps the TCP MSS/payload to 1350 bytes, and the second command keeps stateful connections even if the VPN temporarily drops.

crypto ipsec ikev1 transform-set TUNNELTRANS esp-aes esp-sha-hmac

I was able to get this to work with 0 packet loss!

First of all, let’s apply some good-practice configs to make this tunnel a little more stable and perform better.

Apply the following to both ASAs:

enable

Update: as of 9.9.2, BGP is still the only supported protocol, which is not really an issue as we can always redistribute. Also, BFD is not supported on the tunnel interfaces yet. So as of we must use BGP to advertise over this tunnel.


The tunnel interface won’t turn into a point-to-point link, even with the static neighborship command.

Notice: Currently OSPF and EIGRP are not yet supported over the tunnel interface.

Route based VPN with VTIs, and bridge groups!

This article will show a quick configuration of a route based VPN with ASAs! Previously, to do something like this you would need to build a GRE tunnel over IPsec with a second router terminating GRE. With code 9.7 released, Cisco decided to add two VERY important features.
