F5 TMOS 11.3 L2L vpn cisco ASA 8.4<

Hello, thanks here the config from ASA and F5. I masquate the orginal IP addressess

ASA configuration

object-group network vpn-destination network-object 172.16.1.0 255.255.255.0 object-group network vpn-source network-object host 10.10.10.10 object-group network test-source network-object host 192.168.100.2

access-list vpn-test extended permit ip object-group vpn-source object-group vpn-destination nat (inside,outside) source static test-source vpn-source destination static vpn-destination vpn-destination

crypto ipsec ikev1 transform-set ipsec-SET esp-3des esp-sha-hmac crypto ipsec fragmentation after-encryption inside crypto ipsec fragmentation after-encryption outside crypto isakmp identity address no crypto isakmp nat-traversal

crypto map outside_map 20 match address vpn-test crypto map outside_map 20 set pfs crypto map outside_map 20 set peer 4.4.4.4 crypto map outside_map 20 set ikev1 transform-set ipsec-SET crypto map outside_map interface outside crypto ikev1 enable outside crypto ikev1 policy 1 authentication pre-share encryption 3des hash sha group 2 lifetime 86400

tunnel-group 4.4.4.4 type ipsec-l2l tunnel-group 4.4.4.4 ipsec-attributes ikev1 pre-shared-key *****

F5 configuration

net ipsec ike-daemon ikedaemon { log-level debug2 } net ipsec ike-peer vpn { phase1-auth-method pre-shared-key preshared-key-encrypted Ta[_EjH>`O[1QNQ@=WohO=n:p6gHDR.J+U^B<0O@[0HNASg remote-address 2.2.2.2 verify-cert true } net ipsec ipsec-policy vpn-policy { ike-phase2-auth-algorithm sha1 ike-phase2-encrypt-algorithm 3des mode tunnel tunnel-local-address 4.4.4.4 tunnel-remote-address 2.2.2.2 } net ipsec traffic-selector vpn-selector { destination-address 172.16.1.0/24 direction in ipsec-policy vpn-policy source-address 10.10.10.10/32