Device Manager Version 7.5(1)
This is the network topology:
All traffic originating from the office 2 network (192.168.20.0/24) should be routed through ASA1, and traffic going to the Internet will be NATed using office 1's external IP (10.1.0.1).
ASA1 Configuration

access-list ACL_IPSEC_ASA2 extended permit ip any4 192.168.20.0 255.255.255.0
!
! Note that the tunnel-group name must be the peer IP address
tunnel-group 10.2.0.1 type ipsec-l2l
tunnel-group 10.2.0.1 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED_KEY>
!
crypto map VPN_MAP 10 match address ACL_IPSEC_ASA2
crypto map VPN_MAP 10 set pfs
crypto map VPN_MAP 10 set reverse-route
crypto map VPN_MAP 10 set peer 10.2.0.1
crypto map VPN_MAP 10 set ikev1 transform-set ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPN_MAP interface EXTERNAL
!
same-security-traffic permit inter-interface
! intra-interface lets office 2 traffic arrive on EXTERNAL (from the tunnel) and leave on EXTERNAL again (hairpin)
same-security-traffic permit intra-interface
!
object network OG_ASA1_NETWORK
 subnet 192.168.10.0 255.255.255.0
!
object network OG_ASA2_NETWORK
 subnet 192.168.20.0 255.255.255.0
!
! Identity (no-translation) rule so traffic between office 1 and office 2 crosses the tunnel untranslated
nat (any,any) source static OG_ASA1_NETWORK OG_ASA1_NETWORK destination static OG_ASA2_NETWORK OG_ASA2_NETWORK unidirectional
! Office 2 traffic leaving for the Internet is NATed to the EXTERNAL interface address (10.1.0.1)
nat (any,EXTERNAL) source dynamic OG_ASA2_NETWORK interface
!
! <ISP_GATEWAY> is a placeholder for the EXTERNAL next-hop address
route EXTERNAL 0.0.0.0 0.0.0.0 <ISP_GATEWAY> 1
ASA2 Configuration

access-list ACL_IPSEC_ASA1 extended permit ip 192.168.20.0 255.255.255.0 any4
!
! Note that the tunnel-group name must be the peer IP address
tunnel-group 10.1.0.1 type ipsec-l2l
tunnel-group 10.1.0.1 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED_KEY>
!
! The crypto map must reference the ACL defined on this box (ACL_IPSEC_ASA1)
crypto map VPN_MAP 10 match address ACL_IPSEC_ASA1
crypto map VPN_MAP 10 set pfs
crypto map VPN_MAP 10 set reverse-route
crypto map VPN_MAP 10 set peer 10.1.0.1
crypto map VPN_MAP 10 set ikev1 transform-set ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPN_MAP interface EXTERNAL
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
route EXTERNAL 10.1.0.1 255.255.255.255 10.2.0.2 1
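A consistency check for the two-ended pattern above, added here as example code (not from the post): it parses both configs, confirms that each crypto map's peer has an ipsec-l2l tunnel-group of the same name (the note in the post), that the referenced crypto ACL exists on that box, and that the two crypto ACLs are mirror images of each other. The config excerpts are constructed from this post, `ASA2_BAD` is a constructed copy-paste slip, and the helper names (`parse`, `check_pair`) are mine.

```python
import ipaddress
# Constructed excerpts of the two configs in this post (only the lines the check reads).
ASA1 = """
access-list ACL_IPSEC_ASA2 extended permit ip any4 192.168.20.0 255.255.255.0
tunnel-group 10.2.0.1 type ipsec-l2l
crypto map VPN_MAP 10 match address ACL_IPSEC_ASA2
crypto map VPN_MAP 10 set peer 10.2.0.1
"""
ASA2 = """
access-list ACL_IPSEC_ASA1 extended permit ip 192.168.20.0 255.255.255.0 any4
tunnel-group 10.1.0.1 type ipsec-l2l
crypto map VPN_MAP 10 match address ACL_IPSEC_ASA1
crypto map VPN_MAP 10 set peer 10.1.0.1
"""
ASA2_BAD = ASA2.replace("match address ACL_IPSEC_ASA1", "match address ACL_IPSEC_ASA2")  # slip: that ACL only exists on ASA1

def _addr(tok):  # consume one ACE address (any4 | A MASK); return (network, remaining tokens)
    if tok[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network((tok[0], tok[1])), tok[2:]

def parse(cfg):
    """Collect crypto ACL entries, ipsec-l2l tunnel-groups and the crypto map's ACL and peer."""
    acls, tgs, cm = {}, set(), {}
    for line in cfg.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            src, rest = _addr(t[5:])
            acls.setdefault(t[1], set()).add((src, _addr(rest)[0]))
        elif t[:1] == ["tunnel-group"] and t[2:] == ["type", "ipsec-l2l"]:
            tgs.add(t[1])
        elif t[:2] == ["crypto", "map"] and "address" in t:
            cm["acl"] = t[t.index("address") + 1]
        elif t[:2] == ["crypto", "map"] and "peer" in t:
            cm["peer"] = t[t.index("peer") + 1]
    return acls, tgs, cm

def check_pair(local_cfg, remote_cfg):
    """Return findings for the local end against its peer; an empty list means consistent."""
    (l_acls, l_tgs, l_cm), (r_acls, _, r_cm) = parse(local_cfg), parse(remote_cfg)
    findings = []
    if l_cm.get("peer") not in l_tgs:  # the post's note: tunnel-group name must be the peer IP
        findings.append(f"no ipsec-l2l tunnel-group named {l_cm.get('peer')}")
    if l_cm.get("acl") not in l_acls:
        findings.append(f"crypto map references undefined ACL {l_cm.get('acl')}")
    local = l_acls.get(l_cm.get("acl"), set())
    mirrored = {(dst, src) for src, dst in r_acls.get(r_cm.get("acl"), set())}
    if local != mirrored:  # every ACE must be the peer's ACE with source and destination swapped
        findings.append("crypto ACL is not the mirror image of the peer's crypto ACL")
    return findings
```

Run `check_pair(ASA1, ASA2)` and `check_pair(ASA2, ASA1)` for the two directions; `check_pair(ASA2_BAD, ASA1)` reports both the undefined ACL and the resulting mirror mismatch.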