ASA Configuration
!
hostname ASA
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 11.11.11.10 255.255.255.0
 no shut
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.11.1 255.255.255.0
 no shut
!
access-list ACL-RED-VPN extended permit ip 192.168.11.0 255.255.255.0 172.16.22.0 255.255.255.0
access-list ACL-INSIDE-NONAT extended permit ip 192.168.11.0 255.255.255.0 172.16.22.0 255.255.255.0
!
nat (inside) 0 access-list ACL-INSIDE-NONAT
route outside 0.0.0.0 0.0.0.0 11.11.11.11 1
!
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
crypto map MAP-OUTSIDE 20 match address ACL-RED-VPN
crypto map MAP-OUTSIDE 20 set peer 11.11.11.11
crypto map MAP-OUTSIDE 20 set transform-set ESP-AES128-SHA
crypto map MAP-OUTSIDE 20 set security-association lifetime kilobytes 10000
crypto map MAP-OUTSIDE interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 36400
!
tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key 123456
prompt hostname context
: end
ciscoasa#
Branchoffice Router configuration
Branchoffice#show run
Building configuration...
hostname Branchoffice
!
crypto isakmp policy 5
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 123456 address 11.11.11.10
!
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
crypto map VPN-TUNNEL 1 ipsec-isakmp
 set peer 11.11.11.10
 set transform-set AES-SHA
 match address ACL-VPN
!
interface Ethernet1/0
 ip address 11.11.11.11 255.255.255.0
 crypto map VPN-TUNNEL
 no shut
!
interface Ethernet1/1
 ip address 172.16.22.1 255.255.255.0
 no shut
!
ip route 0.0.0.0 0.0.0.0 11.11.11.10
!
ip access-list extended ACL-VPN
 permit ip 172.16.22.0 0.0.0.255 192.168.11.0 0.0.0.255
!
end
Branchoffice#
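Consistency check for the two configurations above (an added example, not part of the original post): the ASA writes its crypto ACL with netmasks and the router with wildcard masks, so the script normalises both and confirms the ACLs mirror each other, the NAT exemption matches the crypto ACL, and each peer statement points at the other device's outside address. The function names and the embedded input strings, which are the VPN-relevant lines from this page with wrapped lines joined, are assumptions of the example.

```python
import ipaddress
import re

# Constructed input: VPN-relevant lines from the two configurations on this
# page, with wrapped lines joined.
ASA = """\
access-list ACL-RED-VPN extended permit ip 192.168.11.0 255.255.255.0 172.16.22.0 255.255.255.0
access-list ACL-INSIDE-NONAT extended permit ip 192.168.11.0 255.255.255.0 172.16.22.0 255.255.255.0
nat (inside) 0 access-list ACL-INSIDE-NONAT
crypto map MAP-OUTSIDE 20 match address ACL-RED-VPN
crypto map MAP-OUTSIDE 20 set peer 11.11.11.11
"""
IOS = """\
crypto map VPN-TUNNEL 1 ipsec-isakmp
 set peer 11.11.11.10
 match address ACL-VPN
ip access-list extended ACL-VPN
 permit ip 172.16.22.0 0.0.0.255 192.168.11.0 0.0.0.255
"""
PAIR = r"permit ip (\S+) (\S+) (\S+) (\S+)"

def net(addr, mask, wildcard=False):
    """Build a network from an ASA netmask or an IOS wildcard (inverted) mask."""
    if wildcard:
        mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def asa_acl(cfg, name):
    m = re.search(rf"access-list {re.escape(name)} extended {PAIR}", cfg)
    return net(m[1], m[2]), net(m[3], m[4])

def ios_acl(cfg, name):
    m = re.search(rf"ip access-list extended {re.escape(name)}\s+{PAIR}", cfg)
    return net(m[1], m[2], True), net(m[3], m[4], True)

def check(asa, ios, asa_outside, ios_outside):
    """Return a list of inconsistencies between the two peers' VPN settings."""
    problems = []
    crypto = asa_acl(asa, re.search(r"match address (\S+)", asa)[1])
    nonat = asa_acl(asa, re.search(r"nat \(inside\) 0 access-list (\S+)", asa)[1])
    remote = ios_acl(ios, re.search(r"match address (\S+)", ios)[1])
    if crypto != remote[::-1]:
        problems.append("crypto ACLs are not mirror images")
    if nonat != crypto:
        problems.append("NAT exemption does not match the crypto ACL")
    if re.search(r"set peer (\S+)", asa)[1] != ios_outside:
        problems.append("ASA peer is not the router's outside address")
    if re.search(r"set peer (\S+)", ios)[1] != asa_outside:
        problems.append("router peer is not the ASA's outside address")
    return problems

if __name__ == "__main__":
    print(check(ASA, IOS, "11.11.11.10", "11.11.11.11") or "consistent")
```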