I'm having trouble setting up a VPN to another firewall; for now, it isn't working.
Logging rule I see:
Group = X.X.X.X, IP = X.X.X.X, IKE Initiator: New Phase 2, Intf outside, IKE Peer X.X.X.X local Proxy Address Y.Y.Y.Y, remote Proxy Address Z.Z.Z.Z, Crypto map (outside_map)
X.X.X.X = external IP address from remote firewall
Y.Y.Y.Y = Internal IP range on our firewall
Z.Z.Z.Z = internal IP range on remote firewall
Is this correct? Is this just a warning I can ignore, or what did I do wrong?
Settings:
crypto map outside_map XX match address outside_32_cryptomap_1
crypto map outside_map XX set peer X.X.X.X
crypto map outside_map XX set transform-set ESP-AES-256-SHA
crypto map outside_map XX set security-association lifetime seconds 3600
access-list outside_32_cryptomap_1 extended permit ip object-group XXXXXXXXX object-group XXXXXXXXX
If I disable PFS, it isn't working; then I don't pass Phase 1.
Thanks a lot
Do sh cry ipsec sa
What's the version on ASA?