This post will show you how to configure a Virtual Private Network (VPN) on a Cisco Adaptive Security Appliance (ASA).

What is a VPN connection? A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Router GNS3 image (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T10. Please see the router image from this link. Please take note: if you cannot add an IP address on any FastEthernet interface, use the no switchport command under R1(config-if)#.

R1 (ISP ROUTER): R1 f0/0 to PUBLIC INTERNET. The router outside interface f0/0 gets an IP address from the VM NAT adaptor; please click this link to understand the VM NAT interface.

Routing Configuration R1

I have added the OSPF routing protocol for this lab, to be able to communicate between the two firewalls' outside g0/0 interfaces. (On this lab Router 1 will be acting as an ISP router.)

    R1(config-router)# network 0.0.0.0 255.255.255.255 area 1

FIREWALL INTERFACES CONFIGURATION OUTSIDE AND INSIDE DHCP

    SiteB(config)# dhcpd dns 8.8.8.8 8.8.8.8 interface inside

Internet Access Site-A

    SiteA(config)# object network inside
    SiteA(config-network-object)# nat (inside,outside) dynamic interface

Internet Access Site-B

    SiteB(config)# object network inside
    SiteB(config-network-object)# nat (inside,outside) dynamic interface

Let’s start the VPN configuration with Phase 1 (IKEv1).

Phase 1 configuration SITE A:

1. Enable IKEv1 on the outside interface:

    SiteA(config)# crypto ikev1 enable outside

2. Create an IKEv1 policy that defines the algorithms/methods:

    SiteA(config)# crypto ikev1 policy 1
    SiteA(config-ikev1-policy)# authentication pre-share
    SiteA(config-ikev1-policy)# encryption aes
    SiteA(config-ikev1-policy)# lifetime 86400

3. Create a tunnel group under the IPsec attributes and configure the peer IP address and the tunnel pre-shared key:

    SiteA(config)# tunnel-group 10.200.10.2 type ipsec-l2l
    SiteA(config)# tunnel-group 10.200.10.2 ipsec-attributes
    SiteA(config-tunnel-ipsec)# ikev1 pre-shared-key cisco123

Phase 1 configuration SITE B:

1. Enable IKEv1 on the outside interface:

    SiteB(config)# crypto ikev1 enable outside

2. Create an IKEv1 policy that defines the algorithms/methods (it must match the Site A policy):

    SiteB(config)# crypto ikev1 policy 1
    SiteB(config-ikev1-policy)# authentication pre-share
    SiteB(config-ikev1-policy)# encryption aes
    SiteB(config-ikev1-policy)# lifetime 86400

3. Create a tunnel group under the IPsec attributes and configure the peer IP address and the tunnel pre-shared key:

    SiteB(config)# tunnel-group 10.200.20.2 type ipsec-l2l
    SiteB(config)# tunnel-group 10.200.20.2 ipsec-attributes
    SiteB(config-tunnel-ipsec)# ikev1 pre-shared-key cisco123

Phase 2 configuration SITE A:

1. Create two objects that hold the local and remote subnets, and use them for both the crypto Access Control List (ACL) and the NAT statements:

    SiteA(config-network-object)# subnet 192.168.11.0 255.255.255.0

2. Create an access list that defines the traffic to be encrypted and tunneled:

    SiteA(config)# access-list 100 extended permit ip object inside object VPN-SITEB

3. Configure the Transform Set (TS), which must include the keyword ikev1. An identical TS must be created on the remote end as well:

    SiteA(config)# crypto ipsec ikev1 transform-set myvpn esp-aes esp-sha-hmac

Create the crypto map entry that ties the crypto ACL, the peer, PFS and the transform set together:

    SiteA(config)# crypto map SITEA-B 100 match address 100
    SiteA(config)# crypto map SITEA-B 100 set pfs
    SiteA(config)# crypto map SITEA-B 100 set peer 10.200.10.2
    SiteA(config)# crypto map SITEA-B 100 set ikev1 transform-set myvpn

4. Make sure the VPN traffic is not subjected to any other NAT rule, then apply the crypto map to the outside interface:

    SiteA(config)# crypto map SITEA-B interface outside
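Both ends of an IKEv1 site-to-site tunnel have to agree on the transform set, and each side has to reference its own peer, tunnel-group and crypto map names consistently. As an added example (not part of the original post), the Python checker below parses the VPN-relevant lines of two ASA configs and reports the mismatches that most often keep a tunnel from coming up. The sample configs are constructed from the commands in this post and assume Site A's outside address is 10.200.20.2 and Site B's is 10.200.10.2 (the tunnel-group peers above); the Site A sample deliberately binds a misspelled crypto map name to the interface so the check can be seen firing.

```python
"""Cross-check two Cisco ASA IKEv1 site-to-site configs (added example, not from the post)."""
import re

def parse_vpn(cfg):
    """Extract transform sets, crypto map entries, interface binding and L2L tunnel-group peers."""
    v = {"ts": {}, "maps": {}, "bound": None, "peers": set()}
    for line in cfg.splitlines():
        line = line.strip()
        if m := re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)", line):
            v["ts"][m[1]] = frozenset(m[2].split())          # algorithms, order-independent
        elif m := re.match(r"crypto map (\S+) (\d+) (set peer|set ikev1 transform-set|match address|set pfs)\s*(.*)", line):
            v["maps"].setdefault((m[1], int(m[2])), {})[m[3]] = m[4] or True
        elif m := re.match(r"crypto map (\S+) interface \S+", line):
            v["bound"] = m[1]                                 # map name applied to the interface
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l", line):
            v["peers"].add(m[1])                              # L2L tunnel-group names are peer IPs
    return v

def check_pair(cfg_a, cfg_b, ip_a, ip_b):
    """Return a list of findings; an empty list means the two ends agree."""
    a, b = parse_vpn(cfg_a), parse_vpn(cfg_b)
    findings = []
    for site, own, remote in (("SiteA", a, ip_b), ("SiteB", b, ip_a)):
        if own["bound"] not in {name for name, _ in own["maps"]}:
            findings.append(f"{site}: crypto map '{own['bound']}' is bound to the interface but never defined")
        if remote not in own["peers"]:
            findings.append(f"{site}: no ipsec-l2l tunnel-group for peer {remote}")
        for (name, seq), entry in own["maps"].items():
            if entry.get("set peer") != remote:
                findings.append(f"{site}: crypto map {name} {seq} peer {entry.get('set peer')} != {remote}")
            if entry.get("set ikev1 transform-set") not in own["ts"]:
                findings.append(f"{site}: crypto map {name} {seq} references an undefined transform set")
    if not set(a["ts"].values()) & set(b["ts"].values()):
        findings.append("no transform set with identical algorithms exists on both ends")
    return findings

# Constructed sample configs; Site A binds a misspelled map name (SITEB-B) to the interface on purpose.
SITE_A = """crypto ipsec ikev1 transform-set myvpn esp-aes esp-sha-hmac
tunnel-group 10.200.10.2 type ipsec-l2l
crypto map SITEA-B 100 match address 100
crypto map SITEA-B 100 set pfs
crypto map SITEA-B 100 set peer 10.200.10.2
crypto map SITEA-B 100 set ikev1 transform-set myvpn
crypto map SITEB-B interface outside"""
SITE_B = SITE_A.replace("10.200.10.2", "10.200.20.2").replace("SITEB-B interface", "SITEA-B interface")

if __name__ == "__main__":
    for f in check_pair(SITE_A, SITE_B, "10.200.20.2", "10.200.10.2"):
        print(f)
```

Run against a real pair, feed each ASA's `show running-config` output in place of the constructed strings; the parser ignores indentation, so sub-mode lines are handled as written by the appliance.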