Forum Discussion
Schrier_58326
Nimbostratus
NimbostratusF5 TMOS 11.3 L2L vpn cisco ASA 8.4<
textWe want to setup a Site-2-Site vpn tunnel from F5 TMOS to a cisco ASA.
We used IKEV1, SHA, 3DES and ESP phase 2.
The VPN tunnel will establish isakmp (phase1)
-- [root@F5:Active:In Sync] con...
Vitaliy_Savrans
Nacreous
NacreousFor visibility I make some "translation":
on ASA side:
access-list vpn-test extended permit ip object-group vpn-source object-group vpn-destination
access-list vpn-test extended permit ip host 10.10.10.10 172.16.1.0 255.255.255.0
also you have: nat (inside,outside) source static test-source vpn-source destination static vpn-destination vpn-destination
on F5 side:
net ipsec traffic-selector vpn-selector { destination-address 172.16.1.0/24 direction in ipsec-policy vpn-policy source-address 10.10.10.10/32
in cisco cli it looks like:
access-list vpn-selector permit ip host 10.10.10.10 172.16.1.0 255.255.255.0
I think you access-list on ASA must be: access-list vpn-test extended permit ip 172.16.1.0 255.255.255.0 host 10.10.10.10
