How to configure one way VPN tunnel on the PIX/ASA

In this setup, the PIX/ASA at the main site initiates the VPN tunnel to the remote site, and only the main site should be able to initiate the tunnel. The remote site should not be able to initiate the VPN connection.

To ensure the VPN tunnel can be initiated from only one end, configure the head end of the connection as originate-only, using the originate-only keyword in the crypto map entry, and configure the remote end with the answer-only keyword.

Refer to this crypto map configuration example for the main site:

crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer 10.10.10.1
crypto map outside_map 20 set connection-type originate-only
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside

For the remote site:

crypto map vpn_map 20 match address 101
crypto map vpn_map 20 set peer 10.10.20.20
crypto map vpn_map 20 set connection-type answer-only
crypto map vpn_map 20 set transform-set ESP-AES-256-SHA
crypto map vpn_map interface outside
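
A saved copy of both configurations can be checked for the pairing described above. This is an added example, not part of the original howto: the function names are hypothetical, and the check assumes that an entry with no connection-type line is bidirectional (the ASA default).

```python
import re

# Constructed input: the two crypto map entries from this page, as saved config text.
MAIN_SITE = """
crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer 10.10.10.1
crypto map outside_map 20 set connection-type originate-only
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
"""
REMOTE_SITE = """
crypto map vpn_map 20 match address 101
crypto map vpn_map 20 set peer 10.10.20.20
crypto map vpn_map 20 set connection-type answer-only
crypto map vpn_map 20 set transform-set ESP-AES-256-SHA
crypto map vpn_map interface outside
"""

# Matches per-entry lines only; "crypto map NAME interface IFACE" has no sequence number.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (?:set|match) (\S+) (.+)$")

def entry_for_peer(config, peer):
    """Collect the settings of the crypto map entry whose 'set peer' is `peer`."""
    entries = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            name, seq, key, value = m.groups()
            entries.setdefault((name, seq), {})[key] = value.strip()
    for settings in entries.values():
        if peer in settings.get("peer", "").split():
            return settings
    raise LookupError(f"no crypto map entry with peer {peer}")

def audit_one_way(head, remote):
    """Return a list of findings; an empty list means the pair is one-way as intended."""
    findings = []
    # Assumption: an entry with no connection-type line is bidirectional (ASA default).
    for site, entry, wanted in (("head end", head, "originate-only"),
                                ("remote end", remote, "answer-only")):
        actual = entry.get("connection-type", "bidirectional")
        if actual != wanted:
            findings.append(f"{site}: connection-type is {actual}, expected {wanted}")
    if not set(head.get("transform-set", "").split()) & set(remote.get("transform-set", "").split()):
        findings.append("no transform-set common to both ends")
    return findings

if __name__ == "__main__":
    head = entry_for_peer(MAIN_SITE, "10.10.10.1")
    remote = entry_for_peer(REMOTE_SITE, "10.10.20.20")
    print(audit_one_way(head, remote) or "one-way pairing is consistent")
```

A finding on either end means that side can still initiate or will not answer as intended, so the tunnel is not restricted to main-site initiation.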
