Доброго вечера.
Просьба подсказать где что не верно.
Дано ЦО asa 5515-x конфиг (к ней подключены уже несколько asa и все работает)
Код:
object-group network DM_INLINE_NETWORK_1
network-object 10.1.0.0 255.255.0.0
object-group network REGION
network-object 192.168.1.0 255.255.255.0
access-list VPN_REGION extended permit ip object-group DM_INLINE_NETWORK_1 object-group REGION
crypto ipsec ikev1 transform-set VPN-TF-SET esp-3des esp-sha-hmac
crypto map DEF_CMAP 34 match address VPN_REGION
crypto map DEF_CMAP 34 set pfs group1
crypto map DEF_CMAP 34 set peer 7.7.7.7
crypto map DEF_CMAP 34 set ikev1 transform-set VPN-TF-SET
crypto map DEF_CMAP interface WAN
crypto ikev1 enable WAN
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 7.7.7.7 type ipsec-l2l
tunnel-group 7.7.7.7 ipsec-attributes
ikev1 pre-shared-key *****
Новая asa 5506
конф
Код:
object-group network LOCAL
network-object 192.168.1.0 255.255.255.0
object-group network MSK
network-object 10.1.0.0 255.255.0.0
access-list outside_cryptomap extended permit ip object-group LOCAL object-group MSK
crypto ipsec ikev1 transform-set VPN-TF-SET esp-3des esp-sha-hmac
crypto map outside_map 10 match address outside_cryptomap
crypto map outside_map 10 set pfs group1
crypto map outside_map 10 set peer 8.8.8.8
crypto map outside_map 10 set ikev1 transform-set VPN-TF-SET
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 8.8.8.8 type ipsec-l2l
tunnel-group 8.8.8.8 ipsec-attributes
ikev1 pre-shared-key *****
debug crypro ikev1 127 или 255 ничего не выдает.
Может кто сможет подсказать в чем накосячил. Спасибо.