Upload File

nxll15 site to site vpn

4
Lab 15: Site to Site VPN Task 1. Configure IP Address as per given in topology. 2. Make sure ICMP open for all networks in ASA's. 3. Configure PAT on both ASA. 4. Make sure ASA1 and ASA2 ping each other. 5. Configure Site-to-Site VPN over ASA. Make sure both 192.168.1.2 and 192.168.2.2 ping each other. Use Nat exemption for VPN traffic. Figure 1 Topology

Upload: netwax-lab

Post on 06-Aug-2015

54 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Nxll15 site to site vpn

Lab 15: Site to Site VPN

Task

1. Configure IP Address as per given in topology.

2. Make sure ICMP open for all networks in ASA's.

3. Configure PAT on both ASA.

4. Make sure ASA1 and ASA2 ping each other.

5. Configure Site-to-Site VPN over ASA. Make sure both 192.168.1.2 and 192.168.2.2 ping each

other. Use Nat exemption for VPN traffic.

Figure 1 Topology

Page 2: Nxll15 site to site vpn

Lab 15: Site to Site VPN

Solution

Task 2: Make sure ICMP open for all networks in ASA's.

Both ASA's

access-list ICMP permit icmp any any

access-group ICMP in interface outside

Task 3: Configure PAT on both ASA.

ASA 1

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

ASA2

nat (inside) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface

Task 4: Make sure ASA1 and ASA2 ping each other.

ASA 1

route outside 0 0 101.1.1.1

ASA 2

route outside 0 0 102.1.1.1

Task 5: Configure Site-to-Site VPN over ASA. Make sure both 192.168.1.2 and 192.168.2.2 ping

each other. Use Nat exemption for VPN traffic.

ASA 1

crypto isakmp policy 1

authentication pre-share

encryption 3des

group 2

exit

crypto isakmp key cisco address 102.1.1.100

crypto ipsec transform-set tset esp-3des esp-sha-hmac

exit

Page 3: Nxll15 site to site vpn

Lab 15: Site to Site VPN

access-list VPN permit ip host 192.168.1.100 host 192.168.2.100

exit

crypto map CMAP 10 set transform-set tset

crypto map CMAP 10 match address VPN

crypto map CMAP 10 set peer 102.1.1.100

exit

crypto isakmp enable OUTSIDE

crypto map CMAP interface outside

NAT Exemption

access-list nonat permit ip host 192.168.1.2 host 192.168.2.2

nat (inside) 0 access-list nonat

ASA 2

crypto isakmp policy 1

authentication pre-share

encryption 3des

group 2

exit

crypto isakmp key cisco address 101.1.1.100

crypto ipsec transform-set tset esp-3des esp-sha-hmac

exit

access-list VPN permit ip host 192.168.2.100 host 192.168.1.100

exit

crypto map CMAP 10 set transform-set tset

crypto map CMAP 10 match address VPN

crypto map CMAP 10 set peer 101.1.1.100

exit

crypto isakmp enable OUTSIDE

crypto map CMAP interface outside

Page 4: Nxll15 site to site vpn

Lab 15: Site to Site VPN

NAT Exemption

access-list nonat permit ip host 192.168.2.2 host 192.168.1.2

nat (inside) 0 access-list nonat


Site−to−Site IPsec VPN

SoftEther VPN · 2016. 10. 15. · Features of SoftEther VPN • Free and open-source software. • Easy to establish both remote-access and site-to-site VPN. • SSL-VPN Tunneling

vpn ipsec site-to-site peer

Rras Site to Site VPN

Step by Step Azure Site to Site VPN with SonicWall ... · PDF fileSite VPN with SonicWall Hardware Firewall Hussain ... MCTS, MCITP, MCSA, MCSE ... configured Azure Site to Site VPN

Creating IPSec Site-to-Site VPN Tunnel between a ...images.denit.net/VDC/IPSec Site-to-Site VPN Between Org vDC and... · Creating IPSec Site-to-Site VPN Tunnel between a Organization

Brocade Vyatta Network OS IPsec Site-to-Site VPN ... · PDF fileIPsec Site-to-Site VPN Configuration Guide, ... Benefits of IPsec VPNs ... Configure WEST

VPN Site-To-Site Openswan Cisco - CentOS -IPSEC (2)

AWS Site-to-Site VPN … · La gateway privada virtual es el concentrador VPN que se encuentra en el extremo de Amazon de la conexión de Site-to-Site VPN. Cree una gateway privada

¸‚อบเขต ซื้อ... · 5.3. 5.220. IPsec VPN (Site to Site) IPSec VPN Throughput 1.8 Gbps 52.21. Client VPN (Remote Access) SSE VPN 2,000 Windows 32 64 bits), Mac

Site 2 Site VPN

Linksys Business Gigabit VPN Routers · Linksys Business Gigabit VPN Routers The Linksys LRT series integrates Gigabit firewall, site-to-site VPN, and various remote access VPN technologies

Vpn : client to site và vpn site to site

SITE TO SITE LAYER 2 VPN WITH PPP BCP - MikroTik · Site-to-site Layer 2 VPN Site-to-site Layer 3 ... Site-to-site Layer 2 VPN with Hub-and-spoke topology. ... Spoke routers (Branch01

Creating IPSec Site-to-Site VPN Tunnel between a Organization … Site-to-Site VPN... · 2015. 5. 11. · Creating IPSec Site-to-Site VPN Tunnel between a Organization vDC vShield

AWS Site-to-Site VPN · Internet Protocol security (IPsec) VPN connections. Your Site-to-Site VPN connection is either an AWS Classic VPN or an AWS VPN. For more information, see

Site-To-Site VPN Configuration Examples

Site-To-Site and Extranet VPN

Chapter 8: Lab A: Configuring a Site-to-Site VPN Using ...jesusgonzalez.info/NuevasPracticas/Seguridad/RS_P4.pdf · • Verify site-to-site IPsec VPN configuration ... configure R1

Frequently Asked Questions - Linksys Router · Linksys’s VPN Routers for Small Business, LRT214 Gigabit VPN Router and LRT224 Dual WAN Gigabit VPN Router, support site-to-site VPN,

Migrating ASA to Firepower Threat Defense Site-to-Site VPN ...€¦ · Migrating ASA to Firepower Threat Defense Site-to-Site VPN Using IKEv2 with Certificates Verification of VPN

Chapter 8: Lab A: Configuring a Site-to-Site VPN Using ...cs.mty.itesm.mx/laboratorios/ccna-seguridad/Practicas/Practica8... · • Verify site-to-site IPsec VPN configuration

VPN - NetworkLinx · PDF fileTypes of VPNs ... Configure WEST ... vpn ipsec site‐to‐site peer local‐ip

Cisco VPN Solutions€¦ · VPN Overview © 2001, Cisco Systems, Inc. 2 Agenda • Introduction to VPNs • Cisco Remote Access VPN Solutions • Cisco Site-to-Site VPN

VPN Site to Site en Gns3 Redes230490

Brocade 5600 vRouter IPsec Site-to-Site VPN Reference Guide… · Brocade 5600 vRouter IPsec Site-to-Site VPN ... security vpn ipsec esp-group .....101 security vpn ipsec

Establish Site-to-Site VPN Connection using Digital Certificates

Establish Site-to-Site VPN Connection using Preshared Key

VPN Site to Site on Astaro

AWS Site-to-Site VPN › pt_br › vpn › latest › s2svpn › s2s-vpn-… · Ferramentas de monitoramento ... • Métricas do CloudWatch • Endereços IP reutilizáveis para

Manual VPN Site to Site(1)

Vpn site to site

Establish Site-to-Site VPN Connection using Digital ...docs.sophos.com/nsg/sophos-firewall/v15010/PDF/Establish Site-to... · Establish Site-to-Site VPN Connection using Digital Certificates

P4-IPsec: Site-to-Site and Host-to-Site VPN with IPsec in

Configure Site-to-Site IPsec Virtual Private Network (VPN