Friday, May 2, 2014

Cisco ASA: More 8.3 Site To Site VPN Config

I know I have a lot of VPN configs on this blog, but VPNs are everywhere. I don't know any company that doesn't have a site to site VPN. I did this on an ASA 5505, and the remote end looks the same (except for the ACLs being reversed and the peer address). Anyway, here is what I put in for the config:

access-list interestingACL extended permit ip
access-list nonat extended permit ip

tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key passphrase

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

crypto map outside_map 10 match address interestingACL
crypto map outside_map 10 set peer
crypto map outside_map 10 set transform-set ESP-3DES-SHA

nat (inside) 0 access-list nonat

crypto map outside_map interface outside
crypto isakmp enable outside

crypto isakmp nat-traversal 10
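
An added example (not part of the original post): a short Python audit run over the crypto lines of the config above, reporting the settings that a hardening review would usually question. The function name, the embedded sample text and the lists of weak values are assumptions of this example, not the author's or Cisco's policy.

```python
# Constructed sample: the crypto lines of the config above (peer/ACL values omitted).
SAMPLE = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto map outside_map 10 match address interestingACL
crypto map outside_map 10 set transform-set ESP-3DES-SHA
"""
# Assumed audit policy (chosen for this example, not taken from the post).
WEAK_CIPHERS = {"des", "3des", "esp-des", "esp-3des", "esp-null"}
WEAK_HASHES = {"md5", "esp-md5-hmac"}
WEAK_DH_GROUPS = {"1", "2", "5"}
POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}

def audit_asa_vpn(config):
    """Return sorted (where, finding) tuples for weak IKEv1/IPsec settings."""
    findings, policy, entries, pfs = set(), None, set(), set()
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) == 4:
            policy = "isakmp policy " + w[3]
        elif policy and w[0] in POLICY_KEYS and len(w) > 1:
            # Policy sub-commands are matched by keyword, not by indentation.
            if w[0] == "encryption" and w[1] in WEAK_CIPHERS:
                findings.add((policy, "weak cipher " + w[1]))
            elif w[0] == "hash" and w[1] in WEAK_HASHES:
                findings.add((policy, "weak hash " + w[1]))
            elif w[0] == "group" and w[1] in WEAK_DH_GROUPS:
                findings.add((policy, "weak DH group " + w[1]))
        else:
            policy = None
            if w[:3] == ["crypto", "ipsec", "transform-set"]:
                for t in w[4:]:
                    if t in WEAK_CIPHERS | WEAK_HASHES:
                        findings.add(("transform-set " + w[3], "weak transform " + t))
            elif w[:2] == ["crypto", "map"] and len(w) > 5 and w[4] in ("set", "match"):
                entries.add((w[2], w[3]))
                if w[4:6] == ["set", "pfs"]:
                    pfs.add((w[2], w[3]))
    for name, seq in entries - pfs:
        findings.add(("crypto map %s %s" % (name, seq), "no PFS configured"))
    return sorted(findings)
```

On the sample it reports three items: the 3DES transform, DH group 2 in the ISAKMP policy, and the crypto map entry without PFS. Phase 1 negotiates AES-256 while phase 2 still carries the data under 3DES.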
