Hello everyone!
I'm trying to create route-based VPN connection between Cisco ASA and Juniper SRX, but I have a problem with ACL and Proxy IDs. Cisco ASA log states that
[IKEv1]Group = A.A.A.A, IP = A.A.A.A, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy B.B.B.B/255.255.255.0/6/0 local proxy Z.Z.Z.Z/255.255.255.255/6/22 on interface comcastpublic
I don't know how to make B.B.B.B/255.255.255.0/6/22 and where the problem is. The aim is to pass only SSH traffic through this VPN.
Notation:
A.A.A.A - Juniper public IP
B.B.B.B - Juniper private IP
Y.Y.Y.Y - Cisco public IP
Z.Z.Z.Z - Cisco private IP
Configuration is attached. Does anyone have any ideas?