We have VPN tunnel with our customer and they sent their side VPN config and i am trying to put that config in my Cisco ASA 5585 (9.x) version and it has missing crypto keyring
command
Customer config (remote)
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 1
!
!
crypto keyring 1
pre-shared-key address x.x.x.x key xusbqVUWBKQbbksbGFVVWUHBkiiy829jkh
!
crypto isakmp profile 1
keyring 1
self-identity address X.X.X.X
match identity address X.X.X.X
no initiate mode
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
!
!
crypto map 1 1 ipsec-isakmp
set peer X.X.X.X
set transform-set TSET
set isakmp-profile 1
match address 101
set pfs l
We have many other tunnel and they all have ikev1
also we have tunnel-group
also wonder why above config doesn't have tunnel-group
Best Answer
The configuration from your customer is a Cisco IOS crypto configuration from a Cisco router, it is not interchangeable with Cisco ASA software.
You will need to take the relevant portions of that configuration (PSK, peer IP, crypto ACL) and put them into a Cisco ASA configuration like your existing tunnels.
It would presumably be similar to the below: