【原创】ASA 9.X IPSec L2L VPN (ikev1)

fortune · ‎12-17-2017

这里写一篇ASA 9.x版本的IOS 的IPSec lan to lan VPN 配置

拓扑比较简单：
北京10.1.1.0 ---------ASA1------------ASA2-------------广州172.16.1.0

这里配置一个站点的信息，另外一个站点的类似，感兴趣流反过来，peer IP地址不一样

object network bj

 subnet 10.1.1.0 255.255.255.0

object network gz

 subnet 172.16.1.0 255.255.255.0

access-list vpn extended permit ip 10.1.1.0 255.255.255.0 172.16.1.0 255.255.255.0 

object network lannat

 subnet 10.1.1.0 255.255.255.0

 nat (inside,outside) dynamic interface

route outside 0.0.0.0 0.0.0.0 192.168.123.1 1

nat (inside,outside) source static bj bj destination static gz gz no-proxy-arp route-lookup

crypto ikev1 enable outside

crypto ikev1 policy 10

 authentication pre-share

 encryption 3des

 hash md5

 group 2

 lifetime 86400

crypto ipsec ikev1 transform-set ts esp-des esp-md5-hmac 

crypto map cmp 10 match address vpn

crypto map cmp 10 set peer 192.168.123.70 

crypto map cmp 10 set ikev1 transform-set ts

crypto map cmp interface outside

【原创】ASA 9.X IPSec L2L VPN (ikev1)

2018.01.01 新年快乐！

【原创翻译】繁忙的2019，思科无线与移动大事件回顾

【原创翻译】构建5G业务案例