SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 11-25-2011 12:41

    Hi Experts

     

    I have a scenario with an SRX100 with a dynamic IP and a Cisco ASA with a static public IP. I need to configure a site-to-site IPsec VPN. My question is: on the SRX100 we will define the IKE gateway and local identity as below:

    set security ike gateway CISCO-ASA local-identity hostname srx100

    But what is the equivalent on the Cisco ASA of the Junos command below, to define the SRX100 as a dynamic peer?

    set security ike gateway JUNIPER-SRX100 dynamic hostname srx100



  • 2.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 11-27-2011 11:05
    In Juniper you will have to go for "aggressive" mode VPN instead of "main" mode.

    see http://forums.juniper.net/t5/SRX-Services-Gateway/Full-mesh-route-based-VPN-with-one-odd-ball/td-p/74256


  • 3.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 11-27-2011 11:11
    Which Cisco ASA firewall are you using? Tell me if I could write a config for you.


  • 4.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 11-27-2011 23:20

    Hi,

    On the Cisco ASA there is a command to specify the IKE identity of the peer as either an IP address or a hostname, depending on the requirement. If the peer end has a dynamic IP, you can go for the config below, and you can specify the local IKE identity value as shown.

     

    cisco(config)#crypto isakmp peer hostname srx100.juniper.net  -> peer end ike identification

     

    cisco10(config)#crypto isakmp identity address  -> local ike identification type



  • 5.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 12-06-2011 21:38

    Hi Venu

     

    So, just to understand what you wrote: if I have an ASA with a static IP on one side and an ASA with a dynamic IP address on the other side, then you mean that on the static-side ASA I need to run the command below to specify the peer ID:

     

    cisco(config)#crypto isakmp peer hostname srx100.juniper.net  -> peer end ike identification

     

    AND on the dynamic-side ASA I need to run the command below to specify the local ID:

     

    cisco10(config)#crypto isakmp identity hostname srx100.juniper.net

     

    Am I right in my understanding?

     

    Thanks

     



  • 6.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)
    Best Answer

    Posted 12-11-2011 22:45

    Yes. If you are using ASA on both ends, the 1st command reflects the IKE identity of the peer and the second command specifies the local identity value. If the dynamic end is our SRX and you don't mention the remote-identity value explicitly, the SRX will take the gateway address as the remote IKE identity, which is the default behavior. In this case, use the command below:

     

    cisco10(config)#crypto isakmp identity address 
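
The SRX100 side of the setup discussed in this thread, as an added example that is not part of any post and not vendor-supplied configuration. The policy and VPN names, the interface fe-0/0/0.0, the tunnel interface st0.0, the address 203.0.113.10 and the key placeholder are assumptions.

```junos
# Constructed example for the dynamic-IP SRX100 (initiator) side.
# Assumed values: policy/VPN names, fe-0/0/0.0 as the untrust interface,
# 203.0.113.10 (documentation range) as the ASA's static address.

# Phase 1: aggressive mode, because a pre-shared-key peer with a changing
# address cannot be picked out by source IP and must send its identity up front.
set security ike policy ASA-IKE-POL mode aggressive
# The proposal set must match what the ASA offers (assumed to be compatible here).
set security ike policy ASA-IKE-POL proposal-set standard
set security ike policy ASA-IKE-POL pre-shared-key ascii-text "<long-random-psk>"

# Gateway: the ASA is reached at its static address; with no remote identity
# configured, the SRX expects the peer to identify itself by that address.
set security ike gateway CISCO-ASA ike-policy ASA-IKE-POL
set security ike gateway CISCO-ASA address 203.0.113.10
set security ike gateway CISCO-ASA external-interface fe-0/0/0.0
# Identity the SRX presents; the ASA must be set up to expect this hostname.
set security ike gateway CISCO-ASA local-identity hostname srx100.juniper.net

# Phase 2: only the dynamic side can start the tunnel, so bring it up at once.
set security ipsec policy ASA-IPSEC-POL proposal-set standard
set security ipsec vpn TO-ASA bind-interface st0.0
set security ipsec vpn TO-ASA ike gateway CISCO-ASA
set security ipsec vpn TO-ASA ike ipsec-policy ASA-IPSEC-POL
set security ipsec vpn TO-ASA establish-tunnels immediately
```

Aggressive mode sends the identity unencrypted along with a hash derived from the pre-shared key, so the key should be long and random.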



  • 7.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 01-01-2012 23:25

    Thanks Dear



  • 8.  RE: IPSEC VPN between SRX100 (dynamic IP) and Cisco ASA (Static IP)

    Posted 11-25-2013 01:04

    Hi Venu,

     

     

    Can you give us sample configs for your post? This is a good source for this forum.

     

     

    Thanks a lot