How to configure one way VPN tunnel on the PIX/ASA

Cisco, Firewall

Suppose you have a PIX/ASA at the main site and another at a remote site, and only the main site should be able to bring up the site-to-site VPN tunnel. The remote site must not be able to initiate the VPN connection.

To allow the tunnel to be initiated from one end only, set the connection type of the crypto map entry at the head end (main site) to originate-only, and the connection type of the matching crypto map entry at the remote end to answer-only. The default connection type is bidirectional, which lets either peer start the negotiation.

Crypto map configuration on the main site:

! Main site: interesting traffic is defined by ACL 102, the peer is the
! remote site's outside address, and this side may only originate the tunnel
crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer 10.10.10.1
crypto map outside_map 20 set connection-type originate-only
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside

For the remote site:

! Remote site: mirror image of the main site entry, except that this side
! only answers negotiations started by the main site and never initiates
crypto map vpn_map 20 match address 101
crypto map vpn_map 20 set peer 10.10.20.20
crypto map vpn_map 20 set connection-type answer-only
crypto map vpn_map 20 set transform-set ESP-AES-256-SHA
crypto map vpn_map interface outside

