Scribd Logo
Upload

Welcome to Scribd!

  • Asa DVPN

    Uploaded by

    tewiya AKOSSI
    12 views3 pages
    This document contains configuration details for two ASA firewalls to establish a site-to-site VPN tunnel between them. The HQ-ASA is configured with an outside interface at 100.1.1.1 and an inside interface at 192.168.2.1. The REMOTE-ASA is configured similarly with outside at 200.1.1.1 and inside at 172.16.2.1. Both ASAs establish IKEv1 and IPsec policies to encrypt and authenticate the VPN tunnel between them, with pre-shared keys for authentication. NAT rules are applied to pass traffic between the 192.168.1.0 and 172.16.1.0 networks over the encrypted tunnel.

    Original Description:

    Original Title

    ASA_DVPN

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains configuration details for two ASA firewalls to establish a site-to-site VPN tunnel between them. The HQ-ASA is configured with an outside interface at 100.1.1.1 and an inside interface at 192.168.2.1. The REMOTE-ASA is configured similarly with outside at 200.1.1.1 and inside at 172.16.2.1. Both ASAs establish IKEv1 and IPsec policies to encrypt and authenticate the VPN tunnel between them, with pre-shared keys for authentication. NAT rules are applied to pass traffic between the 192.168.1.0 and 172.16.1.0 networks over the encrypted tunnel.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    12 views3 pages

    Asa DVPN

    Uploaded by

    tewiya AKOSSI
    This document contains configuration details for two ASA firewalls to establish a site-to-site VPN tunnel between them. The HQ-ASA is configured with an outside interface at 100.1.1.1 and an inside interface at 192.168.2.1. The REMOTE-ASA is configured similarly with outside at 200.1.1.1 and inside at 172.16.2.1. Both ASAs establish IKEv1 and IPsec policies to encrypt and authenticate the VPN tunnel between them, with pre-shared keys for authentication. NAT rules are applied to pass traffic between the 192.168.1.0 and 172.16.1.0 networks over the encrypted tunnel.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    PROJET 2 A

    Configuration HQ-ASA

    # int g0/1

    # nameif outside

    # ip address 100.1.1.1 255.255.255.0

    # no sh

    # int g0/0

    # nameif inside

    # ip address 192.168.2.1 255.255.255.0

    # no sh

    # route outside 0.0.0.0 0.0.0.0 100.1.1.2

    # policy-map global_policy

    # class inspection_default

    # inspect icmp

    # object network lan

    # subnet 192.168.1.0 255.255.255.0

    # nat (inside,outside) dynamic interface

    # object network remote_lan

    # subnet 172.16.1.0 255.255.255.0

    # crypto ikev1 enable outside

    # access-list outside_1 permit ip object lan object remote_lan

    # tunnel-group DefaultL2LGroup type ipsec-l2l

    # tunnel-group DefaultL2LGroup ipsec-attributes

    # ikev1 pre-shared key cisco # isakmp keepalive threshold 10 retry 2

    # crypto ikev1 policy 10

    # authentication pre-share

    # encryption aes

    # hash md5

    # group 2

    # lifetime 86400

    #crypto ipsec ikev1 transform-set nor esp-aes esp-md5-hmac


    #crypto dynamic-map dmap 10 set ikev1 transform-set nor

    #crypto dynamic-map dmap 10 match address outside_1

    #crypto dynamic-map dmap 10 set pfs group1

    #crypto map map 10 ipsec-isakmp dynamic dmap

    #crypto map map interface outside #nat (inside,outside) 1 source static lan lan destination static
    remote_lan remote_lan

    Configuration REMOTE-ASA

    # int g0/1

    # nameif outside

    # ip address 200.1.1.1 255.255.255.0

    # no sh

    # int g0/0

    # nameif inside

    # ip address 172.16.2.1 255.255.255.0

    # no sh

    # route outside 0.0.0.0 0.0.0.0 200.1.1.2

    # policy-map global_policy

    # class inspection_default

    # inspect icmp

    # service-policy global_policy global

    # object network lan # subnet 172.16.1.0 255.255.255.0

    # nat (inside,outside) dynamic interface

    # object network remote_lan

    # subnet 192.168.1.0 255.255.255.0

    # crypto ikev1 enable outside

    # access-list outside_1 permit ip object lan object remote_lan

    # tunnel-group 100.1.1.1 type ipsec-l2l

    # tunnel-group 100.1.1.1 ipsec-attributes

    # ikev1 pre-shared key cisco

    # isakmp keepalive threshold 10 retry 2


    # crypto ikev1 policy 10

    # authentication pre-share

    # encryption aes

    # hash md5

    # group 2

    # lifetime 86400

    # crypto ipsec ikev1 transform-set set esp-aes esp-md5-hmac

    # crypto map map 10 match address outside_1

    # crypto map map 10 set peer 100.1.1.1

    # crypto map map 10 set pfs group1

    # crypto map map 10 set ikev1 transform-set set

    # crypto map map interface outside

    # nat (inside,outside) 1 source static lan lan destination static remote_lan remote_lan

    You might also like