Site to Site ASA

From Internetworkpro

This page is currently in progress and is not completed Please note that the information on this page is pending completion by the author. You can help contribute by using the edit tab above. See where else you can help at Category:InProgress

This page or section provides device configuration instructions Please note that the information on this page has not been checked for accuracy and is not intended as a replacement to documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed. See more examples at Category:Configuration

access-list SITE2SITE extended permit ip 10.2.0.0 255.255.0.0 10.51.100.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.51.100.0 255.255.255.0

crypto isakmp policy 1

authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400

crypto ipsec transform-set aes256-sha esp-aes-256 esp-sha-hmac

crypto map outside_map 1 match address SITE2SITE crypto map outside_map 1 set peer x.x.x.x crypto map outside_map 1 set transform-set aes256-sha

tunnel-group x.x.x.x type ipsec-l2l tunnel-group x.x.x.x ipsec-attributes

pre-shared-key VPNZZZftw123!!##@@

Site2

access-list SITE2SITE extended permit ip 10.51.100.0 255.255.255.0 10.2.0.0 255.255.0.0 access-list inside_nat0_outbound extended permit ip 10.51.100.0 255.255.255.0 10.2.0.0 255.255.0.0

crypto isakmp policy 1

authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400

crypto ipsec transform-set aes256-sha esp-aes-256 esp-sha-hmac

crypto map outside_map 1 match address SITE2SITE crypto map outside_map 1 set peer y.y.y.y crypto map outside_map 1 set transform-set aes256-sha

tunnel-group y.y.y.y type ipsec-l2l tunnel-group y.y.y.y ipsec-attributes

pre-shared-key VPNZZZftw123!!##@@