Creating L2L Tunnel to IOS Endpoint

Hey All,
Quick question. I've been reviewing the guides on Cisco and have yet to find an example of what I'm looking for. The scenario is that there will be a client device that uses DHCP on the WAN side. This device can authenticate using IPSec to a VPN termination device. On our hub end we want to use a Cisco IOS router to terminate the connection. My question is that this will not be exactly an L2L tunnel; the endpoint has a configuration to build in a username to authenticate with. So it appears the tunnel will authenticate using a username and a pre-shared key, rather than a PSK and a configured remote IP address (since this is DHCP). I've found an example of this on Cisco here: http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800ae459.shtml. Unfortunately the example is from an IOS DHCP endpoint to a 3000-series concentrator. Anyone have a config example of what I'm looking for?
-Mike
http://cs-mars.blogspot.com

Mike,
When you say client device, is it like a router or is it a PC?
If it is a PC, take a look at this link.
Link 1:
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml
If it is a device like a router or so, you need to configure the router just like the one in the link given above.
Link 2:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
But the server part is like Link 1.
Hope this helps.
Here is a good link for configuration of VPN on Cisco devices.
http://www.cisco.com/en/US/partner/tech/tk583/tk372/tech_configuration_examples_list.html
Rate this post, if it helps.
Thanks
Gilbert
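An added configuration example, not from Mike's thread, Gilbert's links or Cisco: the hub-side IOS configuration that fits the scenario above, where the spoke's WAN address comes from DHCP, so the hub cannot configure a static peer and instead identifies the spoke by an ISAKMP group name plus pre-shared key and then checks a per-site username and password with XAUTH (the same server-side model as the remote-access example in Link 1). Every name, address, pool and key in it is a placeholder chosen for illustration, and the spoke is assumed to be an Easy VPN remote (router or software client) configured with the group name, group key and its own username.

```cisco
! Added example (not from the thread): IOS hub terminating IPsec from a spoke
! whose WAN address is DHCP-assigned. All names, keys and addresses are
! placeholders chosen for illustration.
!
! XAUTH user check and group authorization both against the local database
aaa new-model
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUP local
!
! Per-site XAUTH account; privilege 0 limits what it could do in an exec login
username remote-site-1 privilege 0 secret REPLACE-WITH-STRONG-PASSWORD
!
! Phase 1 policy. sha256 and group 14 need IOS 15.x; on 12.4 use "hash sha"
! and "group 5" as the strongest available.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Group the spoke identifies with; "key" is the pre-shared key it presents
crypto isakmp client configuration group REMOTE-SITES
 key REPLACE-WITH-GROUP-PSK
 pool VPN-POOL
 acl SPLIT-ACL
!
! Ties the group to XAUTH and lets the hub push the pool/ACL to the spoke
crypto isakmp profile REMOTE-PROFILE
 match identity group REMOTE-SITES
 client authentication list VPN-XAUTH
 isakmp authorization list VPN-GROUP
 client configuration address respond
!
crypto ipsec transform-set AES256-SHA esp-aes 256 esp-sha-hmac
!
! Dynamic map: no "set peer", because the spoke's address is not known.
! reverse-route injects the spoke's networks into the hub routing table
! only while its tunnel is up.
crypto dynamic-map DYN-MAP 10
 set transform-set AES256-SHA
 set isakmp-profile REMOTE-PROFILE
 reverse-route
!
crypto map VPN-MAP 10 ipsec-isakmp dynamic DYN-MAP
!
! Addresses handed to spokes, and the hub networks they reach via the tunnel
ip local pool VPN-POOL 10.255.0.1 10.255.0.254
ip access-list extended SPLIT-ACL
 permit ip 192.168.10.0 0.0.0.255 any
!
interface GigabitEthernet0/0
 description WAN facing the Internet
 ip address 203.0.113.1 255.255.255.0
 crypto map VPN-MAP
```

After the spoke connects, show crypto session and show crypto ipsec sa on the hub confirm the SA and the injected route. Because the hub accepts the initial exchange from any address that presents the group key, that key deserves the same handling as a site PSK, and each spoke should get its own XAUTH account so one can be revoked without rekeying the whole group.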

Similar Messages

  • Two separate L2L tunnels between same two ASA

    I have a large MPLS fully meshed network with two main locations, both of which have an ASA with internet access as well as the MPLS access. I need to be able to provide a backup connection between the two main locations in the event one of the MPLS links to one or the other goes down.
    I am considering using an L2L IPSEC tunnel between the two ASAs, but the interesting traffic for the tunnel is different depending on which of the links is down and therefore I would need two different tunnels. I have my servers and remote desktop servers at one of the main sites, and the other main site has another organization attached to it externally that the servers must be able to access.
    Is there a way of creating two separate L2L tunnels between the two ASAs? Could I perhaps assign two public IP addresses to each of the ASAs and then create the tunnels between different endpoints on each ASA?
    Does anyone have another possible solution to the problem?
    Gene

    You should be able to do what you want using IP SLA. Please see this excellent blog post which documents one way to accomplish it.
    Hope this helps.

  • Oracle application having problem on PIX to ASA L2L tunnel.

    Hi ALL,
    My customer performed a PIX migration to an ASA5520 last weekend, and the configuration on the new ASA5520 is almost the same as on the original PIX515. There are several L2L VPN tunnel configurations on the ASA5520. After the migration, all VPN tunnels establish without problem. But my customer found that their Oracle application running over one of the VPN tunnels has a connectivity issue. This application did not have a problem in the original environment.
    This VPN tunnel is an L2L tunnel between the remote and main office. In the remote office, the VPN endpoint is a PIX515E w/ OS 7.0(5). In the main office it is an ASA5520 with 7.2(2). The original firewall in the main office was a PIX 515 w/ 7.0(5). The IPSec match address list is an IP network to IP network access list without port definition.
    We found that the Oracle client in the remote office can connect to the port opened on the Oracle server in the main office. But after connecting to the port on the server, the application re-establishes a new connection using a random port between this client and server, and this new connection seems unable to establish.
    Can anyone tell me whether this IPSec tunnel could impact the Oracle application? The ACL is an IP to IP ACL. What can I do to troubleshoot this issue? Why does the issue arise on the new ASA implementation?
    I'm looking forward to your reply! Please help!
    Jason

    Hi,
    Here are the end-to-end troubleshooting steps for an L2L tunnel.
    Please check the debug commands carefully; you will find the key point where the trouble is.
    http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
    Regards,
    Dharmesh Purohit

  • Is it still possible to downgrade from iOS 6 to iOS 5.1.1 on my iPod touch 4th gen as of Sept. 24? Also, if I use a backup created AFTER updating to iOS 6 when I restore/downgrade to iOS 5.1.1, does it become iOS 6 again because of the backup?

    Is it still possible to downgrade from iOS 6 to iOS 5.1.1 on my iPod touch 4th gen as of Sept. 24? Also, if I use a backup created AFTER updating to iOS 6, when I restore/downgrade to iOS 5.1.1, does it become iOS 6 again because of the version of iOS 6 that I created the backup on?

    There has never been a legit way to downgrade.
    It will always restore to the latest available software.

  • ASA - ICMP works on a L2L tunnel but TCP fails.

    All,
    I have just started to work with the ASAs and I have a couple of problems with two 5510 8.4(1) ASAs supporting an L2L tunnel.
    Problem 1:
    Below is the topology; currently the only config on these ASAs is what is required to get the LAN2LAN tunnel set up and nothing more. ASA01 and ASA02 are the tunnel termination devices.
    LAN A->Routing device->ASA-01 ----->Internet<------------ASA-02<-Routing device<-LAN2
    Below is what is working:
    - Tunnel is established between the ASAs.
    - I can ping from LAN A to LAN B and vice versa.
    Below is what is not working:
    - I cannot RDP from a device in LAN A to LAN B and vice versa.
    What we found in troubleshooting when we initiate an RDP session from a server in LAN-A to a server in LAN-B:
    - The packet capture on ASA-A shows that the SYN leaves the ingress (LAN) interface.
    - The packet capture on ASA-B shows that the SYN is leaving the LAN interface.
    - Don't see a SYN-ACK on ASA-B. First we thought there might be a different reason (detailed below as problem 2) but we don't see the SYN-ACK on ASA-A either.
    - Doing an asp-drop capture on ASA-B we saw that the SYN,ACK from the server in LAN-B is being dropped with the following message:
    Drop-reason: (tcp-not-syn) First TCP packet not SYN
    Any ideas on why ASA-B doesn't treat this as an established TCP session?
    Problem 2:
    On the packet capture wizard in ASDM, if I do a capture on the LAN interface of ASA02 I can only see packets leaving the ASA towards the LAN, but I do not see anything coming back into the interface from the LAN. This works the same whether I do an ICMP or a TCP session (RDP).
    For example - ping from a server on LAN A to LAN B:
    - On ASA01
    The packet capture wizard shows both the icmp-echo from LAN-A and the icmp-reply from LAN-B.
    - On ASA02
    The packet capture wizard shows the icmp-echo from LAN-A but not the icmp-reply from LAN-B.
    I am not sure what the reason for both of the problems above is, and the reason might just be that my skill level with ASAs is not there yet. Any guidance will be greatly appreciated.
    Thanks,
    Vishnu

    Hello Vishnu,
    Any ideas on why ASA-B doesn't treat this as an established TCP session?
    This is happening because the ASA is not seeing the entire 3-way handshake. Are you sure all the packets are going across the ASA? I would recommend you do captures on both inside interfaces just for RDP traffic and attach them to this post so I can correlate to determine if indeed the ASA is receiving what it needs.
    On the packet capture wizard in ASDM, if I do a capture on the LAN interface of ASA02 I can only see packets leaving the ASA towards the LAN, but I do not see anything coming back into the interface from the LAN. This works the same whether I do an ICMP or a TCP session (RDP).
    That's exactly the reason why this problem is happening. Good job correlating the facts.
    Resolution of the issues:
    I would say the problem is on the routing device between ASA-2 and LAN-2.
    Make sure the routing device knows that in order to reach LAN-1 it needs to send the traffic back to ASA-2, as somehow this traffic is not making it in on the right interface.
    Remember to rate all of the helpful posts. That's as important as a Thanks.
    Julio Carvajal Segura
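    An added set of ASA commands, not from Julio's reply or from Cisco documentation, that checks the diagnosis above on ASA-02: whether the SYN-ACK from the LAN-B server arrives on the interface the connection was built on, and whether the drops are the tcp-not-syn kind. The addresses are constructed placeholders (10.1.1.10 for the LAN-A server, 10.2.2.10 for the LAN-B RDP server) and the LAN-facing interface is assumed to be named inside.

```cisco
! Added example (not from the thread): verifying on ASA-02 that the RDP
! return traffic comes back through the interface the connection was
! created on. Addresses and the interface name are placeholders.
!
! 1. Capture only the RDP flow on the inside interface. The match is
!    bidirectional, so a healthy handshake shows SYN, SYN-ACK and ACK.
capture RDP-IN interface inside match tcp host 10.1.1.10 host 10.2.2.10 eq 3389
!
! 2. Capture only packets the accelerated security path drops as tcp-not-syn.
capture RDP-DROP type asp-drop tcp-not-syn
!
! 3. Start the RDP session from LAN-A, then inspect both captures.
show capture RDP-IN
show capture RDP-DROP
!
! 4. A live connection entry for the flow means the ASA saw the SYN; if the
!    entry exists but RDP-DROP fills with the SYN-ACK, the reply is arriving
!    on an interface other than inside.
show conn address 10.2.2.10 port 3389
!
! 5. The route to LAN-A must point at the tunnel (outside), and the LAN-B
!    routing device must send LAN-A traffic to ASA-02's inside address.
show route
!
! 6. Remove the captures when done.
no capture RDP-IN
no capture RDP-DROP
```

    If RDP-IN shows the SYN toward 10.2.2.10 but never the SYN-ACK back, while RDP-DROP does show the SYN-ACK, the reply is reaching ASA-02 on a different interface than the one the connection was built on; repeating the first capture on the other interfaces shows which one, and the same pair of captures on ASA-01 tells whether the problem exists at both ends.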

  • How to embed and launch ipa file from another ipa package created using Air for iOS

    Hi Guys,
    Does anybody out there know how to embed and launch an ipa file from another ipa package created using AIR for iOS?
    I have one ipa file created using Xcode. Now I need to include that file in my ipa package which is created using Flash CS 5.5 and AIR for iOS. Also I need to know how to open my first ipa file from AS3.
    Thanks,

    Hi Sir,
    Thanks for your reply.
    But in that case the user needs to download 2 applications, right? I need the user to download my parent application created using Flash, and that package contains one more ipa created using Xcode, so only from my parent app should the user be able to open my 2nd app. Is there any way to do that?
    PS: I am not talking about in-app, but 2 individual apps inside one package.

  • This version of iMovie cannot import Trailers created in iMovie for iOS.

    I have the latest version of iMovie on both my Mac and iPad 3G. I used a trailer in the iPad iMovie and exported it to iTunes. On my Mac I went to iTunes and pulled the file down and clicked to open it. After iMovie came up it displayed "This version of iMovie cannot import Trailers created in iMovie for iOS."
    How can this be?

    I'm having the same problem. I've checked the instructions for exporting a movie trailer that can be found in iMovie for iOS 6 and have followed them to a tee, numerous times. Each time I export a trailer I've created using the iPad, I can easily save it to my MacBook Pro. But iMovie on my laptop refuses to import a movie with the suffix ".iMovieTrailer", which is what you get in iMovie for iOS 6 when you export and use iTunes in Mac OS to save the file. How strange? There must be something wrong going on here. Anyone have any thoughts? I'm just trying to save an iMovie trailer from the iPad and would like to burn it to a DVD to give to friends. Hmmmm.....

  • Can WLC create EoIP tunnels to more than one Anchor Controllers

    Hello,
    Is it possible to create EoIP tunnels to two different Anchor Controllers on two different DMZs from a single WLC, so we can tunnel the traffic of two SSIDs to different DMZ environments?
    Anchor Controllers can create 71 connections to Foreign Controllers, but can Foreign Controllers create EoIP tunnels to more than one Anchor?
    Regards,
    Sinan

    Just to note, an anchor WLC can be a WLC in the DMZ or even another foreign WLC which you want to anchor an SSID to. You are only limited in very large environments when you might hit that max limit.
    -Scott

  • How to create a calendar on iOS 7?

    How to create a calendar on iOS 7? I want to use dayforce to upload my work schedule onto my iPhone but I can't create a calendar on my phone... Help?

    Check the App I mentioned above.
    To add a normal Calendar go to Settings > Mail, Contacts, Calendars > Add Account > Other > Calendars and select what is appropriate for DayForce.

  • How to create a pager like iOS

    Hello forum,
    I need to create an effect like the iOS pager.
    I need to create a StackPane with these layers:
    1st layer: a TableView
    2nd layer: a button anchored on the right.
    I need a table with clickable cells and a button.
    Can you help me?
    Thanks in advance

    Sure it can be done in AI, so what is actually your question?
    Mylenium

  • Long shot question about L2L tunnel

    I have a Cisco 5540 that terminates one end of a L2L tunnel, the remote end is a Sonicwall TZ100.  The tunnel is in place to carry voice traffic and I have a need to decrypt the traffic that's been captured in .cap file using Wireshark 1.8.5.
    Anyone have any thoughts on how to go about getting the session keys from either device?

    Hi,
    Nice find and interesting read. Might have to take a look at this at some point.
    Are you capturing traffic on the ASA "outside" interface?
    I guess there must be a specific reason that you didn't capture the traffic before/after the tunnel on the "inside" interface of the ASA? Maybe see that the same traffic/data was passed on to the L2L VPN after the ASA had encrypted/encapsulated the traffic?
    - Jouni

  • Create a iPhone 5 iOs app from a Digital Publishing Suite folio

    I had the single DPS edition, which I upgraded to Enterprise in order to make an iPhone iOS app from an InDesign folio. I did an iPad single app before with the DPS single edition; now I want iPhone,
    but I cannot manage to create an iPhone 5 iOS app with Digital Publishing Suite from a folio made in Adobe InDesign CS6 with the iPhone 5 resolution of 1136 x 640 pixels.
    Question:
    Is this possible, and how do I do it? (I tried so many ways.)
    If not, I just want to understand what it is really possible to do with DPS on iPhone ...

    You use App Builder to create an application with both iPad and iPhone checked on the first page. Then you publish your two folios by going to http://digitalpublishing.acrobat.com/. The viewer will automatically show the right size one in the library for each device.
    It is not possible to have only one folio for each format that launches directly. The only way to get content onto an iPhone with DPS is to do a multi-issue ("multiple publication") application.
    Neil

  • Create xml file in iOS

    How to create xml file in iOS and how to send data to web using SOAP protocol.

    How do you create xml files in iOS and how do you send data to the web using a SOAP protocol?
    Is that what you meant to say?

  • Creating apps for Apple iOS

    Hi all,
    I was astonished to see Adobe's German website stating that RoboHelp can create mobile apps for iOS, Android, Blackberry, Windows and Symbian.
    From what I understand, only Android is possible at the moment. This works fine for me; I have installed some test projects and am wondering: is it possible to manually convert the HTML5 output into other OS formats using PhoneGap? Originally PhoneGap supports the other OSes, but in the RoboHelp UI only Android settings are available. Has anybody tried this yet?
    Robert

    All iOS apps have to be downloaded from the App Store and my understanding is that you cannot restrict who can download. That is something I will check with someone else. To get the app in the store I understand you will need a Mac machine and a developer, they need to have a licence or some authorisation. If I am correct about who can download, then you are no better off than having the information on a web server and that is an easier solution.
    You can see how this output works using the link below and you can download the project.
    http://www.grainge.org/demos/html5 Access it using an iOS device, an Android device and a PC and you will see different layouts.
    http://www.grainge.org/downloads/empcareus.zip Will download the Rh10 project.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • Is it possible to allocate bandwidth to an application in an L2L tunnel?

    Hi,
    In an L2L tunnel, we wanted to allocate bandwidth for all users in Site A when accessing applications (Web-based and thick) in a server in Site B. The responses for both applications are not acceptable.
    The same VPN link between the two sites is also used by other applications i.e. DC replication, etc. and the Internet link used for VPN is also used for SMTP and Lotus Notes.
    In Site A, the tunnel is terminated on the outside of a PIX 7.2(2), and Site B is terminated on the outside of an ASA 5510 7.2(2). The routers in front of these firewalls have PBR such that the PAT'ed address from the firewall is routed to the ADSL instead of the serial interface.
    If we'll upgrade the Internet line, I have to make sure that it will resolve the issue.
    Thanks in advance.
    Regards,
    Archie

    Hi,
    Thanks.
    - The first challenge is where to apply QoS i.e. do traffic policing/allocate bandwidth for IPSec use. My guess is on the router but I'm not 100% sure.
    -If on the router, what's the command?
    - Once the first challenge is done, can I do traffic policing on applications inside VPN which are terminated on PIX and ASA?
    Regards,
    Archie
