Looking to replace Cisco routers at multiple remote sites with Juniper SRXs, but it seems impossible to create a route-based S2S VPN between a Juniper SRX and a Cisco ASA.
The ASA log will show the following:
Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
It looks as though the Juniper is expecting an any/any crypto map on the ASA but the ASA doesn't use crypto maps for route-based VPNs.
Two questions:
- Is it even possible to form a route-based VPN between the two manufacturers?
- It's my understanding that route-based VPNs do not use crypto maps because the routing protocols take care of that. So, am I mistaken or do Juniper devices implement a janky form of route-based but not route-based VPNs that still use crypto maps?
Appreciate your insight!