Head office ASA Configuration
| |||
Interface
|
E0/0
|
E0/1
| |
IP Address
|
172.162.1.1
|
192.168.1.1
| |
Net mask
|
255.255.255.0
|
255.255.255.0
| |
Branch Office ASA Configuration
| |||
Interface
|
E0/0
|
E0/1
| |
IP Address
|
172.162.1.2
|
192.168.2.1
| |
Net mask
|
255.255.255.0
|
255.255.255.0
| |
HO -USER1 Router
| |||
Interface
|
E1/0
| ||
IP Address
|
192.168.1.10
| ||
Net mask
|
255.255.255.0
| ||
HO –USER2 Router
| |||
Interface
|
E1/0
| ||
IP Address
|
192.168.1.11
| ||
Net mask
|
255.255.255.0
| ||
BO -USER1 Router
| |||
Interface
|
E1/0
| ||
IP Address
|
192.168.1.10
| ||
Net mask
|
255.255.255.0
| ||
BO –USER2 Router
| |||
Interface
|
E1/0
| ||
IP Address
|
192.168.1.11
| ||
Net mask
|
255.255.255.0
| ||
NETWORK USED TO OVERCOME NETWORK OVERLAPPING
HO OFFICE NETEWORK: 192.168.2.0 /24
BO OFFICE NETWORK: 192.168.3.0 /24
ASA HO CONFIGURATION
HO# show run
: Saved
:
ASA Version 8.0(2)
!
hostname HO
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.162.1.1 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
access-list new extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list policy-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.2.0 access-list policy-nat
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set CISCO esp-des esp-md5-hmac
crypto map outside_map 20 match address new
crypto map outside_map 20 set peer 172.162.1.2
crypto map outside_map 20 set transform-set CISCO
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 65535
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
tunnel-group 172.162.1.2 type ipsec-l2l
tunnel-group 172.162.1.2 ipsec-attributes
pre-shared-key 12345678
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
HO#
ASA BO CONFIGURATION
BO# SHOW RUN
: Saved
:
ASA Version 8.0(2)
!
hostname BO
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.162.1.2 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list new extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list policy-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.3.0 access-list policy-nat
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set CISCO esp-des esp-md5-hmac
crypto map outside_map 20 match address new
crypto map outside_map 20 set peer 172.162.1.1
crypto map outside_map 20 set transform-set CISCO
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 65535
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
tunnel-group 172.162.1.1 type ipsec-l2l
tunnel-group 172.162.1.1 ipsec-attributes
pre-shared-key 12345678
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
BO#
HO -USER1 ROUTER CONFIGURATION
hostname HO_USER1
!
interface Ethernet1/0
ip address 192.168.1.10 255.255.255.0
no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
HO -USER2 ROUTER CONFIGURATION
hostname HO_USER2
!
interface Ethernet1/0
ip address 192.168.1.11 255.255.255.0
no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
BO -USER1 ROUTER CONFIGURATION
hostname BO_USER1
!
interface Ethernet1/0
ip address 192.168.1.10 255.255.255.0
no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
BO -USER2 ROUTER CONFIGURATION
hostname BO_USER2
!
interface Ethernet1/0
ip address 192.168.1.11 255.255.255.0
no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
Testing
Ping from HO-USER1 ROUTER to BO-USER1 ROUTER
HO_USER1# ping 192.168.3.10
Ping from BO-USER2 ROUTER to HO-USER2 ROUTER
BO_USER2# ping 192.168.2.11
No comments:
Post a Comment