Hi,
If you intend to create a VPN connection using two ASAs, and you already have two static IPs at both sites, then you only need the following:
! Traffic between the two LANs: exempt it from NAT and match it for encryption
access-list inside-voice_NAT_outside extended permit ip <source lan subnet> <source lan mask> <dest. lan subnet> <dest. lan mask>
access-list outside_cryptomap_voice-inside extended permit ip <source lan subnet> <source lan mask> <dest. lan subnet> <dest. lan mask>
nat (inside-voice) 0 access-list inside-voice_NAT_outside
route outside 0.0.0.0 0.0.0.0 <DGW IP> 1
! Phase 2 (IPsec) proposal and the crypto map that ties ACL, peer and proposal together
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address outside_cryptomap_voice-inside
crypto map outside_map 20 set peer <Peer IP address>
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
! Phase 1 (ISAKMP) policy
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! The tunnel-group must be created with its type before ipsec-attributes can be entered
tunnel-group <Peer IP address> type ipsec-l2l
tunnel-group <Peer IP address> ipsec-attributes
 pre-shared-key <a key of your choice>
#END
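Most tunnels that fail to come up with a config like this do so because one command points at a name another command never defined (a mistyped ACL or transform-set name, a peer with no tunnel-group key, a crypto map never bound to an interface). The Python sketch below is an added example, not part of the original post: it cross-checks those references before the config is pasted into a device. The function name check_l2l and the sample addresses and key are made up for illustration, and it assumes the same command syntax as the post, with sub-mode commands indented by one space.

```python
import re

# Constructed sample: the post's VPN commands with its <placeholders> filled
# in with RFC 1918 / RFC 5737 example values. Not taken from a real device.
SAMPLE = """\
access-list outside_cryptomap_voice-inside extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address outside_cryptomap_voice-inside
crypto map outside_map 20 set peer 203.0.113.2
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key constructed-example-key
"""

def check_l2l(config):
    """Return a list of dangling references in an ASA site-to-site config."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    acls = {w[1] for w in lines if w[0] == "access-list" and len(w) > 1}
    tsets = {w[3] for w in lines if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3}
    ike_ifs = {w[3] for w in lines if w[:3] == ["crypto", "isakmp", "enable"] and len(w) > 3}
    # Peers whose tunnel-group ipsec-attributes block contains a pre-shared key.
    keyed, current = set(), None
    for raw in config.splitlines():
        m = re.match(r"tunnel-group (\S+) ipsec-attributes\s*$", raw)
        if m:
            current = m.group(1)
        elif not raw.startswith(" "):
            current = None  # any other top-level command leaves the sub-mode
        elif current and raw.split()[:1] == ["pre-shared-key"]:
            keyed.add(current)
    cmaps = [w for w in lines if w[:2] == ["crypto", "map"] and len(w) >= 5]
    problems, applied = [], set()
    for w in cmaps:
        if w[3] == "interface":
            applied.add(w[2])
            if w[4] not in ike_ifs:
                problems.append(f"isakmp is not enabled on interface {w[4]}")
        elif w[4:6] == ["match", "address"]:
            problems += [f"crypto ACL {a} is not defined" for a in w[6:] if a not in acls]
        elif w[4:6] == ["set", "peer"]:
            problems += [f"peer {p} has no pre-shared key" for p in w[6:] if p not in keyed]
        elif w[4:6] == ["set", "transform-set"]:
            problems += [f"transform-set {t} is not defined" for t in w[6:] if t not in tsets]
    unbound = sorted({w[2] for w in cmaps} - applied)
    return problems + [f"crypto map {m} is not bound to an interface" for m in unbound]
```

check_l2l(SAMPLE) returns an empty list; removing or misspelling any one of the referenced names returns a message naming the broken reference.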
I will add all kinds of VPN configs here, and I will also try to do the same with Vyatta, not only Cisco.
I hope it will help!
;)