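This post covers an IPsec LAN-to-LAN VPN configuration on an ASA running software version 9.x.
The topology is fairly simple:
Beijing 10.1.1.0 ---------ASA1------------ASA2------------- Guangzhou 172.16.1.0
The configuration for one site is shown here. The other site is similar: the interesting traffic is reversed and the peer IP address is different.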
object network bj
 subnet 10.1.1.0 255.255.255.0
object network gz
 subnet 172.16.1.0 255.255.255.0
access-list vpn extended permit ip 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0
object network lannat
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 192.168.123.1 1
nat (inside,outside) source static bj bj destination static gz gz no-proxy-arp route-lookup
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set ts esp-des esp-md5-hmac
crypto map cmp 10 match address vpn
crypto map cmp 10 set peer 192.168.123.70
crypto map cmp 10 set ikev1 transform-set ts
crypto map cmp interface outside
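
A review aid for the configuration above, added here as an example and not part of the original post: a small Python check that reads ASA crypto lines and reports legacy IKEv1/ESP algorithms and any crypto-map peer that has no tunnel-group pre-shared key. The function name `audit` and the lists of values treated as weak are this example's own assumptions.

```python
import re

# Constructed sample: crypto lines taken from the configuration on this page.
SAMPLE = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set ts esp-des esp-md5-hmac
crypto map cmp 10 set peer 192.168.123.70
crypto map cmp 10 set ikev1 transform-set ts
"""

# Values this example treats as weak (a reviewer's list, not a Cisco one).
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac"}
POLICY_SUB = {"authentication", "encryption", "hash", "group", "lifetime"}

def audit(config):
    """Return findings for weak IKEv1/ESP settings and peers without a PSK."""
    findings, peers, keyed = [], [], set()
    policy = tgroup = None
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        words = line.split()
        if m := re.fullmatch(r"crypto ikev1 policy (\d+)", line):
            policy = m.group(1)
        elif policy and words[0] in POLICY_SUB:
            # Sub-command of the current policy (indentation may be lost).
            if len(words) > 1 and words[1] in WEAK_IKE.get(words[0], ()):
                findings.append(f"ikev1 policy {policy}: weak {words[0]} {words[1]}")
        else:
            policy = None
            if m := re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)", line):
                for t in m.group(2).split():
                    if t in WEAK_ESP:
                        findings.append(f"transform-set {m.group(1)}: weak {t}")
            elif m := re.match(r"crypto map \S+ \d+ set peer (.+)", line):
                peers += m.group(1).split()
            elif m := re.match(r"tunnel-group (\S+) ipsec-attributes", line):
                tgroup = m.group(1)
            elif tgroup and line.startswith("ikev1 pre-shared-key"):
                keyed.add(tgroup)
    findings += [f"peer {p}: no tunnel-group pre-shared key" for p in peers if p not in keyed]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports the 3des/md5/group 2 policy, the single-DES and MD5 transform set, and the peer 192.168.123.70, for which the listing shows no tunnel-group carrying the pre-shared key that `authentication pre-share` requires.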