ASA-to-ASA Dynamic-to-Static IKEv1/IPsec Configuration Example
Document ID: 119007
Contributed by Santhosha Shetty, Rahul Govindan, and Adesh Gairola, Cisco TAC Engineers.
Jun 22, 2015
Contents
Introduction
Prerequisites
     Requirements
     Components Used
Configure
     Network Diagram
     ASDM Configuration
        Central-ASA (Static Peer)
        Remote-ASA (Dynamic Peer)
     CLI Configuration
        Central ASA (Static Peer) Configuration
        Remote-ASA (Dynamic Peer)
Verify
     Central ASA
     Remote-ASA
Troubleshoot
     Remote-ASA (Initiator)
     Central-ASA (Responder)
Related Information
Introduction
This document describes how to enable the Adaptive Security Appliance (ASA) to accept dynamic IPsec
site-to-site VPN connections from any dynamic peer (an ASA in this case). As the Network Diagram in this
document shows, the IPsec tunnel is established only when it is initiated from the Remote-ASA end.
The Central-ASA cannot initiate the VPN tunnel, because with a dynamic IPsec configuration the IP address
of Remote-ASA is unknown to it.
Configure Central-ASA in order to dynamically accept connections from a wild-card IP address (0.0.0.0/0)
and a wild-card pre-shared key. Remote-ASA is then configured to encrypt traffic from its local subnets to
the Central-ASA subnets, as specified by the crypto access-list. Both sides perform Network Address Translation
(NAT) exemption in order to bypass NAT for IPsec traffic.
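The following Central-ASA (static peer) configuration is an added illustration of the three elements described above (wild-card peer via a dynamic crypto map, wild-card pre-shared key via DefaultL2LGroup, and NAT exemption); it is not the configuration from this document's CLI section. The interface name, subnets, map names and the pre-shared-key placeholder are constructed assumptions, and the IKE/IPsec algorithm choices are the example's own, not the document's.

```cisco
! Added example, not the document's own configuration.
! Assumed topology (constructed): outside interface "outside",
! Central-ASA LAN 10.1.1.0/24, Remote-ASA LAN 10.2.2.0/24.
crypto ikev1 enable outside
!
! Phase 1 (IKEv1) policy
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
! Phase 2 (IPsec) proposal
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! Dynamic crypto map: it carries no "set peer", so any source address
! (the wild-card 0.0.0.0/0 peer) may negotiate; it is bound to the static
! map at the highest sequence number so named static peers match first.
crypto dynamic-map DYN-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
!
! Wild-card pre-shared key: a LAN-to-LAN peer whose address matches no
! named tunnel-group falls into DefaultL2LGroup and must present this key.
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <REPLACE-WITH-LONG-RANDOM-PSK>
!
! NAT exemption (ASA 8.3+ object NAT syntax): traffic between the two
! LANs keeps its real addresses so it matches the remote crypto ACL.
object network CENTRAL-LAN
 subnet 10.1.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.2.2.0 255.255.255.0
nat (inside,outside) source static CENTRAL-LAN CENTRAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
```

Because DefaultL2LGroup accepts a connection from any source address, the pre-shared key is the only thing that authenticates a dynamic peer on the Central-ASA side, so it should be long and random rather than a dictionary word. After the Remote-ASA initiates, `show crypto ikev1 sa` and `show crypto ipsec sa` on the Central-ASA show which peer address landed in the dynamic map and which proxy identities (the remote crypto ACL) were negotiated.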
Prerequisites
Requirements
There are no specific requirements for this document.