The Topology
We have tried 1 bilion of solution but we have always the same problem, the IKE Phase 1 fails :wacko:
Configuration of ASA
______________________
conf t
hostname ASA
end
conf t
interface Ethernet 0/0
nameif inside
security-level 100
ip address 172.16.201.1 255.255.255.0
no shutdown
end
conf t
interface Ethernet 0/1
nameif outside
security-level 0
ip address e.f.g.h 255.255.255.0
no shutdown
end
! STEP 1: enable isakmp
configure terminal
isakmp enable outside
end
! STEP 2: create the isakmp policy
configure terminal
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
end
! STEP 3: set the tunnel type
configure terminal
tunnel-group a.b.c.d type ipsec-l2l
end
! STEP 4: configure isakmp pre-shared key
configure terminal
tunnel-group a.b.c.d ipsec-attributes
pre-shared-key CiscoASAProva
end
! STEP 5: define IPSec policy
configure terminal
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
end
! STEP 6: specify interesting traffic
configure terminal
access-list encrypt-acl extended permit ip 172.16.201.0 255.255.255.0 172.16.200.0 255.255.255.0
management-access inside
end
! STEP 7: configure a crypto map
configure terminal
crypto map IPsec_map 10 set peer a.b.c.d
crypto map IPsec_map 10 set transform-set MYSET
crypto map IPsec_map 10 match address encrypt-acl
crypto map IPSec_map 10 set pfs group2
end
! STEP 8: apply the crypto map to an interface
configure terminal
crypto map IPsec_map interface outside
end
! STEP 9: configuring traffic filtering
configure terminal
sysopt connection permit-ipsec
end
! STEP 10: bypassing NAT (optional)
configure terminal
access-list nonat extended permit ip 172.16.201.0 255.255.255.0 172.16.200.0 255.255.255.0
nat (inside) 0 access-list nonat
end
! ROUTE (is necessary?????)
route outside 0.0.0.0 0.0.0.0 a.b.c.d
___________________________________________________
MONOWALL config
______________________________________________________
