L2L VPN ASA

!---------- Core side / Static side
!
!-- Crypto ACL referencing the networks to be part of the VPN
!
access-list storenets extended permit ip object-group local_nets object-group remote_nets
!
!-- Zero NAT (twice NAT) so local VPN networks reach remote VPN networks untranslated
!
nat (inside,outside) source static local_nat_nets local_nat_nets destination static remote_nets remote_nets no-proxy-arp route-lookup
!
!-- NAT to the internet
!
nat (inside,outside) source dynamic any interface
!
!-- Building the IKEv1 proposal / transform set
!
crypto ipsec ikev1 transform-set site2site esp-3des esp-sha-hmac
!
!-- Building the IKEv1 policy
!
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
!-- The crypto map
!
crypto dynamic-map lab_dyn_vpn 10 match address storenets
crypto dynamic-map lab_dyn_vpn 10 set pfs group5
crypto dynamic-map lab_dyn_vpn 10 set ikev1 transform-set site2site
crypto dynamic-map lab_dyn_vpn 10 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic lab_dyn_vpn
crypto map outside_map interface outside
!
!-- Enabling IKEv1 on the outside interface
!
crypto ikev1 enable outside
!
!-- Group policy
!
group-policy ELcorL2Lpolicy internal
group-policy ELcorL2Lpolicy attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev1
!
!-- Tunnel group referencing the group policy and the IPsec pre-shared key
!
tunnel-group EngLab-L2L general-attributes
 default-group-policy ELcorL2Lpolicy
tunnel-group EngLab-L2L ipsec-attributes
 ikev1 pre-shared-key *****
!
end
!
!---------- Spoke side / Dynamic side
!
!-- Crypto ACL
!
access-list ipsec_to_epb extended permit ip 10.204.20.0 255.255.254.0 object-group vpn_nets
!
!-- Static crypto map
!
crypto map vpn_map 1 match address ipsec_to_epb
crypto map vpn_map 1 set pfs group5
crypto map vpn_map 1 set peer 74.221.180.62
crypto map vpn_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map vpn_map 1 set reverse-route
!
!
!
tunnel-group 74.221.180.62 type ipsec-l2l
tunnel-group 74.221.180.62 general-attributes
 default-group-policy DefaultL2L-policy
tunnel-group 74.221.180.62 ipsec-attributes
 ikev1 pre-shared-key *****
!
end
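
An added example, not part of the original post: a small Python check that scans ASA configuration text like the two halves above and reports IKEv1/IPsec settings generally treated as legacy (DES/3DES, MD5, DH groups 1, 2 and 5). The function name, the "weak" lists and the sample lines (constructed from commands shown on this page) are assumptions of this example.

```python
import re

# Assumption of this example: algorithms treated as legacy, in line with
# common vendor guidance. SHA-1 ("hash sha", esp-sha-hmac) is not flagged here.
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_PFS = {"group1", "group2", "group5"}
POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}

def audit_asa_config(text):
    """Return [(line_number, finding)] for legacy IKEv1/IPsec settings."""
    findings = []
    policy = None  # number of the IKEv1 policy block currently being read
    for num, raw in enumerate(text.splitlines(), 1):
        words = raw.split()  # tolerant of indented or flattened sub-commands
        if not words:
            continue
        m = re.match(r"crypto ikev1 policy (\d+)$", " ".join(words))
        if m:
            policy = m.group(1)
        elif policy and words[0] in POLICY_KEYS:
            if len(words) > 1 and words[1] in WEAK_IKE.get(words[0], ()):
                findings.append((num, f"ikev1 policy {policy}: {words[0]} {words[1]}"))
        else:
            policy = None  # any other line (including "!") ends the policy block
            if words[:4] == ["crypto", "ipsec", "ikev1", "transform-set"]:
                for alg in words[5:]:
                    if alg in WEAK_ESP:
                        findings.append((num, f"transform-set {words[4]}: {alg}"))
            elif "pfs" in words and words[-1] in WEAK_PFS:
                findings.append((num, f"pfs {words[-1]}"))
    return findings

# Constructed sample built from commands that appear in the configuration above.
SAMPLE = """\
crypto ipsec ikev1 transform-set site2site esp-3des esp-sha-hmac
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
!
crypto dynamic-map lab_dyn_vpn 10 set pfs group5
crypto map vpn_map 1 match address ipsec_to_epb
"""

if __name__ == "__main__":
    for line_no, finding in audit_asa_config(SAMPLE):
        print(f"line {line_no}: {finding}")
```

Both peers must agree on the transform set and PFS group, so any change prompted by a finding has to be made on the core and the spoke together.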
