Saturday, August 15, 2009

VPN lan2lan using ASA template!

Hi,

If you want to build a site-to-site (lan2lan) VPN between two ASAs, and each site already has a static public IP, then the following is all you need (the access-lists on the second ASA must be the same with source and destination swapped):

access-list inside-voice_NAT_outside extended permit ip <source lan subnet> <source lan mask> <dest. lan subnet> <dest. lan mask>
access-list outside_cryptomap_voice-inside extended permit ip <source lan subnet> <source lan mask> <dest. lan subnet> <dest. lan mask>

nat (inside-voice) 0 access-list inside-voice_NAT_outside

route outside 0.0.0.0 0.0.0.0 <DGW IP> 1

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address outside_cryptomap_voice-inside
crypto map outside_map 20 set peer <Peer IP address>
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

tunnel-group <Peer IP address> type ipsec-l2l
tunnel-group <Peer IP address> ipsec-attributes
 pre-shared-key <a key of your choice>

#END
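As an added example (not part of the original post), here is a small Python script that renders this template for both ASAs from one set of site parameters and then checks that the two crypto access-lists are mirror images of each other, which is the usual thing to get wrong when the tunnel never comes up. The site addresses, gateways and the "inside-voice" interface name are constructed placeholders, and the pre-shared key is left as a placeholder to be filled in out of band.

```python
from ipaddress import IPv4Network

# Constructed sample sites (documentation/private ranges); the key is a placeholder.
SITE_A = {"lan": "192.168.10.0/24", "wan_ip": "198.51.100.10", "gw": "198.51.100.1"}
SITE_B = {"lan": "192.168.20.0/24", "wan_ip": "203.0.113.20", "gw": "203.0.113.1"}
PSK = "<a key of your choice>"  # supply out of band; never keep a real key in a script

def acl_line(name, src, dst):
    """One 'permit ip' entry in ASA network/mask notation, derived from CIDR prefixes."""
    s, d = IPv4Network(src), IPv4Network(dst)
    return f"access-list {name} extended permit ip {s.network_address} {s.netmask} {d.network_address} {d.netmask}"

def render_side(local, peer, psk):
    """Render the post's template for one ASA (interface name 'inside-voice' kept)."""
    return "\n".join([
        acl_line("inside-voice_NAT_outside", local["lan"], peer["lan"]),
        acl_line("outside_cryptomap_voice-inside", local["lan"], peer["lan"]),
        "nat (inside-voice) 0 access-list inside-voice_NAT_outside",
        f"route outside 0.0.0.0 0.0.0.0 {local['gw']} 1",
        "crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac",
        "crypto map outside_map 20 match address outside_cryptomap_voice-inside",
        f"crypto map outside_map 20 set peer {peer['wan_ip']}",
        "crypto map outside_map 20 set transform-set ESP-AES-256-SHA",
        "crypto map outside_map interface outside",
        "crypto isakmp enable outside",
        "crypto isakmp policy 10",
        " authentication pre-share", " encryption aes-256", " hash sha",
        " group 5", " lifetime 86400",
        f"tunnel-group {peer['wan_ip']} type ipsec-l2l",
        f"tunnel-group {peer['wan_ip']} ipsec-attributes",
        f" pre-shared-key {psk}",
    ])

def acl_endpoints(line):
    """(src_net, src_mask, dst_net, dst_mask) of an 'access-list ... permit ip' line."""
    tok = line.split()
    i = tok.index("ip")
    return tuple(tok[i + 1:i + 5])

def crypto_acl(cfg):
    return next(l for l in cfg.splitlines() if l.startswith("access-list outside_cryptomap"))

def mirrored(cfg_a, cfg_b):
    """True when each side's crypto ACL is the other's with source and destination
    swapped. Mismatched proxy IDs are the usual reason phase 2 never establishes."""
    a, b = acl_endpoints(crypto_acl(cfg_a)), acl_endpoints(crypto_acl(cfg_b))
    return a[:2] == b[2:] and a[2:] == b[:2]
```

Call `render_side(SITE_A, SITE_B, PSK)` and `render_side(SITE_B, SITE_A, PSK)` to get the two configs, then `mirrored()` on the pair before pasting anything into the boxes.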

I will add all kinds of VPN configs here, and I will also try to do the same with Vyatta, not only Cisco.

I hope it will help!
;)