ASA Configuration shown below (i have edited out irrelavant config):
:
:
ASA Version 8.2(4)
!
hostname scho
enable password mrjjYdD8astWJ9lv encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 61.xx.xx.xx ems_SRX210H
interface GigabitEthernet0/0.608
vlan 608
nameif internet_network
security-level 0
ip address 212.xx.xx.xx 255.255.255.224 standby 212.xx.xx.xx
!
boot system disk0:/asa824-k8.bin
object-group network customer_routers
network-object host ems_SRX210H
access-list emsvpnACL extended permit ip 10.128.0.128 255.255.255.192 10.10.0.0 255.255.0.0
access-list emsvpnACL extended permit ip 10.10.0.0 255.255.0.0 10.128.0.128 255.255.255.192
access-list emsvpnACL extended deny ip any any log
crypto ipsec transform-set emsvpnTS esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map hdd2vpn 40 match address emsvpnACL
crypto map hdd2vpn 40 set peer ems_headoffice
crypto map hdd2vpn 40 set transform-set emsvpnTS
crypto map hdd2vpn interface internet_network
crypto isakmp enable internet_network
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 201
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
tunnel-group 62.xx.xx.xx type ipsec-l2l
tunnel-group 62.xx.xx.xx general-attributes
default-group-policy filter
tunnel-group 62.xx.xxx.xx ipsec-attributes
pre-shared-key *****
!