Sunday 28 September 2014

vpnsetup site-to-site steps

ASA5510(config)# vpnsetup site-to-site steps

Steps to configure a site-to-site IKE/IPSec connection with examples:

1. Configure Interfaces

        interface GigabitEthernet0/0
         ip address 10.10.4.200 255.255.255.0
         nameif outside
         no shutdown

        interface GigabitEthernet0/1
         ip address 192.168.0.20 255.255.255.0
         nameif inside
         no shutdown

2. Configure ISAKMP policy

        crypto isakmp policy 10
         authentication pre-share
         encryption aes
         hash sha

3. Configure transform-set

        crypto ipsec transform-set myset esp-aes esp-sha-hmac

4. Configure ACL

        access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0

5. Configure Tunnel group

        tunnel-group 10.20.20.1 type ipsec-l2l
        tunnel-group 10.20.20.1 ipsec-attributes
         pre-shared-key P@rtn3rNetw0rk

6. Configure crypto map and attach to interface

        crypto map mymap 10 match address L2LAccessList
        crypto map mymap 10 set peer 10.10.4.108
        crypto map mymap 10 set transform-set myset
        crypto map mymap 10 set reverse-route
        crypto map mymap interface outside

7. Enable isakmp on interface

        crypto isakmp enable outside
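
Added example (not part of the ASA output or the original post): a Python check that the names used across steps 1-7 line up, since with pre-shared keys the ASA looks up the L2L tunnel-group by the peer's IP address. The embedded config is constructed from the commands above; `tokens`, `CHECKS` and `lint_l2l` are names made up for this example. It reports that the sample's tunnel-group (10.20.20.1) does not match its crypto map peer (10.10.4.108).

```python
import re

# Constructed input: the cross-referencing commands from steps 1-7 above.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
crypto ipsec transform-set myset esp-aes esp-sha-hmac
access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
tunnel-group 10.20.20.1 type ipsec-l2l
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
crypto isakmp enable outside
"""

def tokens(config, pattern):
    """Collect every name captured by `pattern` on any line of the config."""
    found = set()
    for line in config.splitlines():
        m = re.match(pattern, line.strip())
        if m:
            found.update(m.group(1).split())
    return found

# (problem label, regex for where a name is used, regex for where it is defined)
CHECKS = [
    ("peer has no ipsec-l2l tunnel-group of that name",
     r"crypto map \S+ \d+ set peer (.+)", r"tunnel-group (\S+) type ipsec-l2l"),
    ("crypto map ACL not defined",
     r"crypto map \S+ \d+ match address (\S+)", r"access-list (\S+) "),
    ("transform-set not defined",
     r"crypto map \S+ \d+ set transform-set (.+)", r"crypto ipsec transform-set (\S+) "),
    ("crypto map on unknown nameif",
     r"crypto map \S+ interface (\S+)", r"nameif (\S+)"),
    ("isakmp not enabled on crypto map interface",
     r"crypto map \S+ interface (\S+)", r"crypto isakmp enable (\S+)"),
]

def lint_l2l(config):
    """Return 'label: name' for each name used in the crypto map but never defined."""
    problems = []
    for label, used, defined in CHECKS:
        for name in sorted(tokens(config, used) - tokens(config, defined)):
            problems.append(f"{label}: {name}")
    return problems
```

Run `lint_l2l` over the relevant lines of a `show running-config` capture before bringing the tunnel up; an empty list means every name the crypto map uses is defined.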
