No I hadnt associated the trustpoint. I have now and it works a treat.
Thanks Kings.
Config and show output it below:
CCIELAB-ASA01# show run crypto map
crypto map VPN 10 match address VPN11
crypto map VPN 10 set peer 10.100.3.3
crypto map VPN 10 set transform-set 3DESMD5
crypto map VPN 10 set security-association lifetime seconds 28800
crypto map VPN 10 set security-association lifetime kilobytes 4608000
crypto map VPN 10 set trustpoint CCIESEC
crypto map VPN interface outside
CCIELAB-ASA01# show crypto isa sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 10.100.3.3
Type : L2L *Role : initiator *
Rekey : no State : MM_ACTIVE
On Mon, Jun 6, 2011 at 11:13 AM, Kingsley Charles <
[email protected]> wrote:
> Have you associated the trustpoint to the crypto map?
>
> With regards
> KIngs
>
> On Mon, Jun 6, 2011 at 10:01 PM, Mark Senteza <[email protected]>wrote:
>
>> Hey all,
>>
>> I have a L2L VPN set up between an ASA and an IOS router that uses digital
>> signatures for authentication. I've noticed that when I try to initiate the
>> tunnel from the ASA side that it fails, however, when I test from the IOS
>> router side the tunnel comes up. Is this normal behavior ? And if it is (or
>> isnt), why cant the tunnel be initiated from the ASA side ?
>>
>> Mark
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
