Saturday, June 25, 2011

Cisco IOS to ASA (8.4) - Basic IPSec Site-to-Site VPN

R1 - 

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ipexpert address 10.1.1.2

crypto ipsec transform-set oscar esp-3des esp-md5-hmac 

crypto map shelby 1 ipsec-isakmp 
 set peer 10.1.1.2
 set transform-set oscar 
 match address 100

access-list 100 permit ip host 2.2.2.2 host 1.1.1.1

interface FastEthernet0/0
 ip address 10.1.1.25 255.255.255.0
 duplex auto
 speed auto
 crypto map shelby

****************************
ASA -

crypto ipsec ikev1 transform-set oscar esp-3des esp-md5-hmac 

crypto map shelby 1 match address abby
crypto map shelby 1 set peer 10.1.1.25 
crypto map shelby 1 set ikev1 transform-set oscar
crypto map shelby interface outside

crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

tunnel-group adrian type ipsec-l2l
tunnel-group 10.1.1.25 type ipsec-l2l
tunnel-group 10.1.1.25 ipsec-attributes
 ikev1 pre-shared-key *****

access-list abby extended permit ip host 2.2.2.2 host 1.1.1.1 
access-list abby extended permit ip host 1.1.1.1 host 2.2.2.2 
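
An added example, not part of the original post: a short Python check that the two peers' IKE Phase 1 policy and IPsec transform-set agree, and that lists the settings now considered weak (3DES, MD5, Diffie-Hellman groups 1, 2 and 5). The sample text is copied from the two configs above; the names `parse`, `audit` and `WEAK` are hypothetical, and one IKE policy per device is assumed.

```python
import re

# Constructed sample input: the Phase 1 / Phase 2 lines of the two configs above.
IOS = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set oscar esp-3des esp-md5-hmac
"""
ASA = """\
crypto ipsec ikev1 transform-set oscar esp-3des esp-md5-hmac
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
"""
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def parse(cfg):
    """Return (IKE policy dict, set of ESP transforms); one policy assumed."""
    p1, p2, in_policy = {}, set(), False
    for line in cfg.splitlines():
        if re.match(r"crypto (isakmp|ikev1) policy \d+", line):
            in_policy = True
        elif in_policy and line.startswith(" "):
            key, _, val = line.strip().partition(" ")
            p1["encryption" if key == "encr" else key] = val  # IOS abbreviates
        else:
            in_policy = False
            m = re.match(r"crypto ipsec (?:ikev1 )?transform-set \S+ (.+)", line)
            if m:
                p2 = set(m.group(1).split())
    return p1, p2

def audit(a, b):
    """Return (parameters that differ between peers, weak settings on peer a)."""
    (p1a, p2a), (p1b, p2b) = parse(a), parse(b)
    diff = [k for k in ("encryption", "hash", "authentication", "group")
            if p1a.get(k) != p1b.get(k)]
    if p2a != p2b:
        diff.append("transform-set")
    weak = sorted(v for v in set(p1a.values()) | p2a if v in WEAK)
    if p1a.get("group") in {"1", "2", "5"}:  # small MODP Diffie-Hellman groups
        weak.append("group " + p1a["group"])
    return diff, weak
```

Calling `audit(IOS, ASA)` returns an empty mismatch list for the configs above, so the tunnel parameters agree, while every algorithm in use is reported as weak. The lifetime is not compared because the IOS side does not list it.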
  

