nxll15 site to site vpn

Lab 15: Site to Site VPN

1. Configure IP Address as per given in topology.

2. Make sure ICMP open for all networks in ASA's.

3. Configure PAT on both ASA.

4. Make sure ASA1 and ASA2 ping each other.

5. Configure Site-to-Site VPN over ASA. Make sure both 192.168.1.2 and 192.168.2.2 ping each

other. Use Nat exemption for VPN traffic.

Figure 1 Topology

Solution

Task 2: Make sure ICMP open for all networks in ASA's.

Both ASA's

access-list ICMP permit icmp any any

access-group ICMP in interface outside

Task 3: Configure PAT on both ASA.

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

nat (inside) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface

Task 4: Make sure ASA1 and ASA2 ping each other.

route outside 0 0 101.1.1.1

route outside 0 0 102.1.1.1

Task 5: Configure Site-to-Site VPN over ASA. Make sure both 192.168.1.2 and 192.168.2.2 ping

each other. Use Nat exemption for VPN traffic.

crypto isakmp policy 1

authentication pre-share

encryption 3des

group 2

crypto isakmp key cisco address 102.1.1.100

crypto ipsec transform-set tset esp-3des esp-sha-hmac

access-list VPN permit ip host 192.168.1.100 host 192.168.2.100

crypto map CMAP 10 set transform-set tset

crypto map CMAP 10 match address VPN

crypto map CMAP 10 set peer 102.1.1.100

crypto isakmp enable OUTSIDE

crypto map CMAP interface outside

NAT Exemption

access-list nonat permit ip host 192.168.1.2 host 192.168.2.2

nat (inside) 0 access-list nonat

crypto isakmp policy 1

authentication pre-share

encryption 3des

group 2

crypto isakmp key cisco address 101.1.1.100

crypto ipsec transform-set tset esp-3des esp-sha-hmac

access-list VPN permit ip host 192.168.2.100 host 192.168.1.100

crypto map CMAP 10 set transform-set tset

crypto map CMAP 10 match address VPN

crypto map CMAP 10 set peer 101.1.1.100

crypto isakmp enable OUTSIDE

crypto map CMAP interface outside

NAT Exemption

access-list nonat permit ip host 192.168.2.2 host 192.168.1.2

nat (inside) 0 access-list nonat

nxll15 site to site vpn

Documents

hp r100 wireless vpn router series data sheet · data sheet...

brocade vyatta network os ipsec site-to-site vpn ... · pdf...

establish site-to-site vpn connection using digital...

migrating asa to firepower threat defense site-to-site vpn...

how to build site to site vpn with mikrotik - biznet gio...

site-to-site and extranet vpn

p4-ipsec: site-to-site and host-to-site vpn with ipsec in

vpn : client to site và vpn site to site

vpn site to site

creating ipsec site-to-site vpn tunnel between a...

site-to-site vpn configuration examples

site to site vpn in r80 · 2021. 3. 23. · site to site...

chapter 8: lab a: configuring a site-to-site vpn using...

chapter 8: lab a: configuring a site-to-site vpn using...

1 site-to-site vpn to a converged plantwide ethernet...

cisco vpn solutions€¦ · vpn overview © 2001, cisco...

rras site to site vpn

creating ipsec site-to-site vpn tunnel between a...

Настройка site-to-site vpn на...

vpn site-to-site openswan cisco - centos -ipsec (2)