Cisco Cisco ASA for Nexus 1000V Series Switch Guía Para Resolver Problemas
ASA Configuration
The ASA configuration in this example is meant to be strictly basic; no external servers are used.
interface GigabitEthernet0/0
nameif outside
security−level 0
ip address 10.48.67.14 255.255.254.0
crypto ipsec transform−set TRA esp−aes esp−sha−hmac
crypto ipsec security−association lifetime seconds 28800
crypto ipsec security−association lifetime kilobytes 4608000
crypto dynamic−map DYN 10 set transform−set TRA
crypto dynamic−map DYN 10 set reverse−route
crypto map MAP 65000 ipsec−isakmp dynamic DYN
crypto map MAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre−share
encryption aes
hash sha
group 2
lifetime 86400
username cisco password cisco
username cisco attributes
vpn−framed−ip−address 192.168.1.100 255.255.255.0
tunnel−group EZ type remote−access
tunnel−group EZ general−attributes
default−group−policy EZ
tunnel−group EZ ipsec−attributes
pre−shared−key *****
group−policy EZ internal
group−policy EZ attributes
password−storage enable
dns−server value 192.168.1.99
vpn−tunnel−protocol ikev1
split−tunnel−policy tunnelall
split−tunnel−network−list value split
default−domain value jyoungta−labdomain.cisco.com
Debugging
Note: Refer to Important Information on Debug Commands before you use debug commands.
Server Message Description
Debugs
Client
Message
Description
Message
Description
49711:28:30.28908/24/12Sev=Info/6IKE/0x6300003B
Attempting to establish a connection with 64.102.156.88.
49811:28:30.29708/24/12Sev=Debug/7IKE/0x63000076
NAV Trace−>SA:I_Cookie=D56197780D7BE3E5
R_Cookie=0000000000000000CurState:
AM_INITIALEvent: EV_INITIATOR
Attempting to establish a connection with 64.102.156.88.
49811:28:30.29708/24/12Sev=Debug/7IKE/0x63000076
NAV Trace−>SA:I_Cookie=D56197780D7BE3E5
R_Cookie=0000000000000000CurState:
AM_INITIALEvent: EV_INITIATOR
Aggressive
mode starts.
Construct
AM1. This
process
includes:
mode starts.
Construct
AM1. This
process
includes: