I know I have a lot of VPN configs on this blog, but VPNs are everywhere. I don't know any company that doesn't have a site-to-site VPN. I did this on an ASA 5505 and the remote end looks the same (except for the ACLs being reversed and the peer address). Anyway, here is what I put in for the config:
! Interesting traffic (what gets encrypted) and the matching NAT-exemption ACL
access-list interestingACL extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
! Tunnel group named after the peer address, holding the pre-shared key
tunnel-group 5.5.5.46 type ipsec-l2l
tunnel-group 5.5.5.46 ipsec-attributes
 pre-shared-key passphrase
! Phase 2 (IPsec) transform set
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
! Phase 1 (IKE) policy
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
! Crypto map entry tying the ACL, peer and transform set together
crypto map outside_map 10 match address interestingACL
crypto map outside_map 10 set peer 5.5.5.46
crypto map outside_map 10 set transform-set ESP-3DES-SHA
! Exempt the VPN traffic from NAT
nat (inside) 0 access-list nonat
! Apply the crypto map and enable IKE on the outside interface
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp nat-traversal 10
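
An added example, not part of the original post: a small Python check that parses an ASA L2L config like the one above and reports what a reviewer would look at first, namely DES/3DES in the ESP transform set or IKE policy, low DH groups, a crypto-map peer with no matching tunnel-group, and crypto-ACL entries missing from the NAT-exemption ACL. The finding names and the weak-algorithm thresholds are this example's assumptions.

```python
# Thresholds are this example's policy, not taken from the post.
WEAK_ESP = {"esp-des", "esp-3des"}                      # 64-bit block ciphers
WEAK_IKE = {"encryption": {"des", "3des"}, "group": {"1", "2", "5"}}  # <=1536-bit MODP
IKE_SUB = {"authentication", "encryption", "hash", "group", "lifetime"}

# Constructed sample: the crypto-relevant lines of the config from the post.
SAMPLE = """\
access-list interestingACL extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
tunnel-group 5.5.5.46 type ipsec-l2l
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 encryption aes-256
 hash sha
 group 2
crypto map outside_map 10 match address interestingACL
crypto map outside_map 10 set peer 5.5.5.46
crypto map outside_map 10 set transform-set ESP-3DES-SHA
nat (inside) 0 access-list nonat
"""

def audit(config):
    """Return sorted (code, detail) findings for an ASA L2L config."""
    acls, tsets, findings, policy = {}, {}, set(), None
    groups, peers, used, crypto_acls, nat0 = set(), set(), set(), set(), set()
    for w in (l.split() for l in config.splitlines() if l.strip()):
        if policy and w[0] in IKE_SUB:       # sub-command of the current IKE policy
            if w[1] in WEAK_IKE.get(w[0], ()):
                findings.add((f"weak-ike-{w[0]}", f"policy {policy}: {w[1]}"))
            continue
        policy = w[3] if w[:3] == ["crypto", "isakmp", "policy"] else None
        if w[0] == "access-list":
            acls.setdefault(w[1], set()).add(" ".join(w[2:]))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets[w[3]] = set(w[4:])
        elif w[0] == "tunnel-group" and w[2:] == ["type", "ipsec-l2l"]:
            groups.add(w[1])
        elif w[:2] == ["crypto", "map"] and len(w) == 7:
            slots = {"address": crypto_acls, "peer": peers, "transform-set": used}
            slots.get(w[5], set()).add(w[6])
        elif w[0] == "nat" and w[2:4] == ["0", "access-list"]:
            nat0.add(w[4])
    findings |= {("weak-esp-cipher", n) for n in used if tsets.get(n, set()) & WEAK_ESP}
    findings |= {("peer-without-l2l-tunnel-group", p) for p in peers - groups}
    exempt = set().union(*(acls.get(n, set()) for n in nat0))
    findings |= {("crypto-acl-not-nat-exempt", n) for n in crypto_acls
                 if not acls.get(n, set()) <= exempt}
    return sorted(findings)
```

Run against the config above, `audit(SAMPLE)` reports the 3DES transform set and DH group 2; the tunnel-group and NAT-exemption checks pass.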