Site-to-Site VPN Tunnel on Cisco ASA (Virtual Edition) over VMware Workstation
ASA1
Step 1: ISAKMP Policy
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
Step 2: IPsec Transform Set
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Step 3: Create an ACL to Match Traffic
object-group network VPN-Local-Sub
 network-object 10.0.0.0 255.255.255.0
object-group network VPN-Remote-Sub
 network-object 20.0.0.0 255.255.255.0
access-list VPN extended permit ip object-group VPN-Local-Sub object-group VPN-Remote-Sub
Step 4: Create a Tunnel Group
tunnel-group 172.16.13.2 type ipsec-l2l
tunnel-group 172.16.13.2 ipsec-attributes
 ikev1 pre-shared-key CiScO
Step 5: Create and Apply a Crypto Map
crypto map A2A 2 match address VPN
crypto map A2A 2 set peer 172.16.13.2
crypto map A2A 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map A2A 2 set security-association lifetime seconds 86400
crypto map A2A interface outside
================================================================================================================
ASA2
Step 1: ISAKMP Policy
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
Step 2: IPsec Transform Set
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Step 3: Create an ACL to Match Traffic
object-group network VPN-Local-Sub
 network-object 20.0.0.0 255.255.255.0
object-group network VPN-Remote-Sub
 network-object 10.0.0.0 255.255.255.0
access-list VPN extended permit ip object-group VPN-Local-Sub object-group VPN-Remote-Sub
Step 4: Create a Tunnel Group
tunnel-group 172.16.12.2 type ipsec-l2l
tunnel-group 172.16.12.2 ipsec-attributes
 ikev1 pre-shared-key CiScO
Step 5: Create and Apply a Crypto Map
crypto map A2A 2 match address VPN
crypto map A2A 2 set peer 172.16.12.2
crypto map A2A 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map A2A 2 set security-association lifetime seconds 86400
crypto map A2A interface outside
Test Tunnel
show isakmp sa
show ipsec sa
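
The two configurations above only form a tunnel if they mirror each other: same ISAKMP policy and pre-shared key, local and remote subnets swapped, and each tunnel-group named after that side's crypto map peer. The Python below is an added example, not part of the original post, that checks a pair of configs for those conditions offline and also flags `group 2` (the 1024-bit MODP group) and `hash sha` (SHA-1). The names `asa_config`, `parse` and `audit` are hypothetical, the sample text is constructed from the commands on this page, and the parser keys on the first words of each line, so it covers only the commands used here.

```python
def asa_config(local, remote, peer, psk="CiScO"):
    """Constructed sample: the page's commands with one site's values filled in."""
    return f"""crypto isakmp policy 1
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
object-group network VPN-Local-Sub
network-object {local} 255.255.255.0
object-group network VPN-Remote-Sub
network-object {remote} 255.255.255.0
tunnel-group {peer} ipsec-attributes
ikev1 pre-shared-key {psk}
crypto map A2A 2 set peer {peer}"""

def parse(cfg):
    """Collect the settings that must agree (or mirror) between the two peers."""
    out = {"ike": {}, "nets": {}, "tg": None, "peer": None, "psk": None}
    group = None
    for w in map(str.split, cfg.splitlines()):
        if w[:1] and w[0] in ("authentication", "encryption", "hash", "group", "lifetime"):
            out["ike"][w[0]] = w[1]
        elif w[:2] == ["object-group", "network"]:
            group = w[2]
        elif w[:1] == ["network-object"] and group:
            out["nets"].setdefault(group, set()).add(tuple(w[1:3]))
        elif w[:1] == ["tunnel-group"] and w[2:3] == ["ipsec-attributes"]:
            out["tg"] = w[1]
        elif w[:2] == ["ikev1", "pre-shared-key"]:
            out["psk"] = w[2]
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["set", "peer"]:
            out["peer"] = w[6]
    return out

def audit(cfg_a, cfg_b):
    """Return findings for an ASA pair; names A and B are labels chosen here."""
    a, b = parse(cfg_a), parse(cfg_b)
    local, remote = "VPN-Local-Sub", "VPN-Remote-Sub"  # object-group names from the page
    mirrored = ((a["nets"].get(local), a["nets"].get(remote))
                == (b["nets"].get(remote), b["nets"].get(local)))
    checks = [(a["ike"] != b["ike"], "IKE policy differs between peers"),
              (a["psk"] != b["psk"], "pre-shared keys differ"),
              (not mirrored, "protected subnets are not mirrored")]
    for name, c in (("A", a), ("B", b)):
        checks += [(c["tg"] != c["peer"], f"{name}: tunnel-group does not match crypto map peer"),
                   (c["ike"].get("group") == "2", f"{name}: DH group 2 is 1024-bit MODP"),
                   (c["ike"].get("hash") == "sha", f"{name}: IKE hash is SHA-1")]
    return [msg for failed, msg in checks if failed]
```

Calling `audit(asa_config("10.0.0.0", "20.0.0.0", "172.16.13.2"), asa_config("20.0.0.0", "10.0.0.0", "172.16.12.2"))` reproduces the pair from this page.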