Search This Blog

Tuesday, 11 September 2012

ASA VPN FAILOVER


crypto ipsec transform-set L2L esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map l2l 1 match address LAN_Traffic
crypto map l2l 1 set peer REMOTE_IP_FIRST _PEER REMOTE_IP_SEC_PEER 
crypto map l2l 1 set transform-set L2L
crypto map l2l interface outside   <--Points to first ISP
crypto map l2l interface outside2  <--Point to second ISP
crypto isakmp enable outside       <--Apply to first ISP
crypto isakmp enable outside2      <--Apply to second ISP
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
!
tunnel-group REMOTE_IP_FIRST _PEER type ipsec-l2l
tunnel-group REMOTE_IP_FIRST _PEER ipsec-attributes
 pre-shared-key mapskey
tunnel-group REMOTE_IP_SEC_PEER type ipsec-l2l
tunnel-group REMOTE_IP_SEC_PEER  ipsec-attributes
 pre-shared-key KEY

Monday, 10 September 2012

DHCP on Juniper


set interface bgroup0 dhcp server service
set interface bgroup0 dhcp server auto
set interface bgroup0 dhcp server option gateway x.x.x.x
set interface bgroup0 dhcp server option netmask 255.255.255.0
set interface bgroup0 dhcp server option dns1 x.x.x.x
set interface bgroup0 dhcp server ip x.x.x.x to x.x.x.x
unset interface bgroup0 dhcp server config next-server-ip