Cisco ASA Site-to-Site VPN

Root Folder > Cisco
Assumumptions:
Local Subnet: 192.168.5.0 /24
Remote Subnet: 192.168.6.0 /24
Remote Public IP Address: 198.207.100.1

Site-to-Site VPN Template
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
crypto isakmp policy 20
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 28800
crypto isakmp policy 30 
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 40 
 authentication pre-share
 encryption des 
 hash sha
 group 2
 lifetime 28800

access-list REMOTE_SITE_10 extended permit ip 192.168.5.0 255.255.255.0 192.168.6.0 255.255.255.0

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set des-sha esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000

crypto map OUTSIDE_MAP 10 match address REMOTE_SITE_10
crypto map OUTSIDE_MAP 10 set pfs group1                     ** OPTIONAL
crypto map OUTSIDE_MAP 10 set peer 198.207.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside

nat (inside) 0 access-list REMOTE_SITE_10                        *            VARIES

tunnel-group 198.207.100.1 type ipsec-l2l
tunnel-group 198.207.100.1 ipsec-attributes
 pre-shared-key *******                                                  * Must match on both sides

Add Feedback