CCIE23050.com CCIE Network blog HTTP://1806971003

Post-8.3 ASA L2L VPN config

Posted on November 1, 2016 by admin

name 77.77.77.77 farend_Peer
name 10.77.1.1 farend_Host1
name 10.77.1.2 farend_Host2
name 10.77.1.3 farend_Host3

object-group network FAR_END_HOSTS
 description FAR_END_HOSTS
 network-object 10.77.1.1 255.255.255.255
 network-object 10.77.1.2 255.255.255.255
 network-object 10.77.1.3 255.255.255.255

object-group network LOCAL-END_HOSTS
 description LOCAL-END_HOSTS
 network-object 172.16.77.0 255.255.255.0
 network-object 172.20.77.0 255.255.255.0

access-list 105 extended permit ip object-group LOCAL-END_HOSTS object-group FAR_END_HOSTS

Tunnel Group Config

tunnel-group 77.77.77.77 type ipsec-l2l
tunnel-group 77.77.77.77 ipsec-attributes
 ikev1 pre-shared-key xxxxx

Crypto Config

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_map 20 match address 105
crypto map OUTSIDE_map 20 set pfs
crypto map OUTSIDE_map 20 set peer 77.77.77.77
crypto map OUTSIDE_map 20 set ikev1 transform-set ESP-AES-256-SHA
crypto map OUTSIDE_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 3
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

NAT Config

object-group network obj-remote-NAT
 network-object 10.77.1.0 255.255.255.0

object-group network obj-local-NAT
 network-object 172.16.77.0 255.255.255.0
 network-object 172.20.77.0 255.255.255.0

nat (INSIDE,OUTSIDE) source static obj-local-NAT obj-local-NAT destination static obj-remote-NAT obj-remote-NAT
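
Crypto ACL 105 and the identity NAT rule have to agree: a flow that ACL 105 matches but the NAT exemption misses can be translated by another NAT rule first and then no longer matches the crypto map. The following check is an added example, not part of the original post; it parses an excerpt of the config above, and the function names parse_groups and uncovered are hypothetical.

```python
import ipaddress
import re

# Excerpt of the configuration from this post (object-groups, crypto ACL, NAT).
CONFIG = """\
object-group network FAR_END_HOSTS
 network-object 10.77.1.1 255.255.255.255
 network-object 10.77.1.2 255.255.255.255
 network-object 10.77.1.3 255.255.255.255
object-group network LOCAL-END_HOSTS
 network-object 172.16.77.0 255.255.255.0
 network-object 172.20.77.0 255.255.255.0
access-list 105 extended permit ip object-group LOCAL-END_HOSTS object-group FAR_END_HOSTS
object-group network obj-remote-NAT
 network-object 10.77.1.0 255.255.255.0
object-group network obj-local-NAT
 network-object 172.16.77.0 255.255.255.0
 network-object 172.20.77.0 255.255.255.0
nat (INSIDE,OUTSIDE) source static obj-local-NAT obj-local-NAT destination static obj-remote-NAT obj-remote-NAT
"""

def parse_groups(config):
    """Map each network object-group name to its list of ip_network members."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object-group", "network"]:
            current = groups.setdefault(words[2], [])
        elif words[:1] == ["network-object"] and current is not None:
            current.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif words and words[0] != "description":
            current = None  # any other command ends the object-group block
    return groups

def uncovered(config):
    """Return (side, network) pairs in the crypto ACL that the identity NAT rule misses."""
    groups = parse_groups(config)
    acl = re.search(r"^access-list \S+ extended permit ip object-group (\S+) object-group (\S+)", config, re.M)
    nat = re.search(r"^nat \(\S+\) source static (\S+) \1 destination static (\S+) \2", config, re.M)
    if not acl or not nat:
        raise ValueError("crypto ACL or identity NAT rule not found")
    gaps = []
    for side, acl_grp, nat_grp in (("local", acl[1], nat[1]), ("remote", acl[2], nat[2])):
        for net in groups[acl_grp]:
            # Covered when the ACL entry sits inside some NAT-exempt network.
            if not any(net.subnet_of(n) for n in groups[nat_grp]):
                gaps.append((side, str(net)))
    return gaps
```

An empty list from uncovered(CONFIG) means every network in ACL 105 is NAT-exempt; the check only understands the object-group, access-list and nat line shapes used in this post.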
