IPSec VPN configuration between Cisco ASA to ASA

Phase 1:
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400

name 10.10.10.6 Thimi-L2

Object Group:
object-group network Kukl_Thimi_network
network-object 192.168.104.0 255.255.255.0

object-group network Kukl_Thimi_network
network-object 192.168.104.0 255.255.255.0

Access Control List:
access-list kukl_cryptomap_bhaktapur extended permit ip object-group Kukl_HQ_Network object-group Kukl_Bhaktapur_network log
access-list kukl_cryptomap_bhaktapur remark Interesting Traffic

access-list Kukl_filter_acl_thimi extended permit ip any4 any4 log
access-list Kukl_filter_acl_thimi remark Tripureshwor Traffic Filter

Route:
route HQL2 192.168.104.0 255.255.255.0 Thimi-L2 1

Phase 2:
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto map outside_map 50 set peer Thimi-L2
crypto map outside_map 50 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 50 set security-association lifetime seconds 86400
crypto map outside_map 60 match address kukl_cryptomap_bhaktapur
crypto map outside_map 60 set pfs group5

Group Policy:
group-policy kukl_policy_5 internal
group-policy kukl_policy_5 attributes
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter value Kukl_filter_acl_thimi
vpn-tunnel-protocol ikev1

 Tunnel Group:
tunnel-group 10.10.10.6 type ipsec-l2l
tunnel-group 10.10.10.6 general-attributes
default-group-policy kukl_policy_5
tunnel-group 10.10.10.6 ipsec-attributes
ikev1 pre-shared-key *****

Enable Crypto in Interface
crypto ikev1 enable HQL2
crypto map outside_map interface HQL2

Knowledge Base

IPSec VPN configuration between Cisco ASA to ASA

Was this article helpful?

Leave A Comment? Cancel Reply

About iautomatix.com.np

Knowledge Base Authors

Privacy Policy