Site To Site VPN ASA IKEv1.0


Site-to-Site VPN Using IKEv1

Step 1: Interesting traffic—traffic that matches the crypto ACL initiates the IPsec process on the peers, which begins with the IKE exchange.

Step 2: IKE phase one—IKE authenticates IPsec peers and negotiates IKE SAs during
this phase, setting up a secure channel for negotiating IPsec SAs in phase two.

Step 3: IKE phase two—IKE negotiates IPsec SA parameters and sets up matching
IPsec SAs in the peers.

Step 4: Data transfer—Data is transferred between IPsec peers based on the IPsec parameters and keys stored in the SA database.

Step 5: IPsec tunnel termination—IPsec SAs terminate through deletion or by timing out.

ASA1
Step 1: Configure ISAKMP policy

crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha

Step 2: Configure transform-set

crypto ipsec ikev1 transform-set myset esp-aes esp-sha-hmac

Step 3: Configure ACL

access-list L2LACL extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

Step 4: Configure Tunnel group

tunnel-group 202.0.0.2 type ipsec-l2l
tunnel-group 202.0.0.2 ipsec-attributes
 ikev1 pre-shared-key iprulers

The tunnel group is named after the peer's address, the same 202.0.0.2 that the crypto map's set peer points at. A tunnel group named after any other address is never consulted for this peer; the ASA falls back to the default L2L group, which has no key, and phase 1 fails.

Step 5: Configure crypto map and attach to interface

crypto map mymap 1 match address L2LACL
crypto map mymap 1 set peer 202.0.0.2
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap 1 set security-association lifetime seconds 3600
crypto map mymap interface outside

Step 6: Enable isakmp on interface

crypto ikev1 enable outside


ASA2
Step 1: Configure ISAKMP policy

crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha

Step 2: Configure transform-set

crypto ipsec ikev1 transform-set myset esp-aes esp-sha-hmac

Step 3: Configure ACL

access-list L2LACL extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

The crypto ACL on ASA2 is the mirror image of ASA1's: the local subnet 192.168.2.0/24 is the source and the remote subnet 192.168.1.0/24 is the destination. If the ACLs are not mirror images, phase 2 fails with a proxy-identity mismatch.

Step 4: Configure Tunnel group

tunnel-group 202.0.0.1 type ipsec-l2l
tunnel-group 202.0.0.1 ipsec-attributes
 ikev1 pre-shared-key iprulers

Step 5: Configure crypto map and attach to interface

crypto map mymap 1 match address L2LACL
crypto map mymap 1 set peer 202.0.0.1
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap 1 set security-association lifetime seconds 3600
crypto map mymap interface outside

Step 6: Enable isakmp on interface

crypto ikev1 enable outside

Verification

Generate interesting traffic first (for example, a ping from 192.168.1.0/24 to 192.168.2.0/24), since the tunnel is only built on demand. The first command should then show the peer in state MM_ACTIVE (phase 1 up); the second should show the IPsec SAs for the mirrored subnets with the encaps and decaps counters increasing as traffic passes.

ASA1# show crypto isakmp sa
ASA1# show crypto ipsec sa
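Because the six steps on each ASA have to line up with each other and with the far side (the tunnel-group name must be the peer address the crypto map points at, the crypto ACLs must be mirror images, the pre-shared keys and transform sets must match), it helps to check a pair of configs before pushing them. The following Python script is an added example, not part of this page and not a Cisco tool: it parses the page's commands with simple regular expressions and reports the cross-reference mismatches. The addresses, names and key are the page's own values; the `asa_cfg` helper that builds the sample configs, `parse_asa`, `check_side` and `check_pair` are this example's inventions. The second sample reproduces two errors a copy-and-paste of this page would produce: ASA2 pasted as a verbatim copy of ASA1, and a tunnel group named after the local address instead of the peer.

```python
import re

MAP_ENTRY = re.compile(r"crypto map (\S+) (\d+)\s+(match address|set peer|set ikev1 transform-set|"
                       r"set security-association lifetime seconds) (\S+)")

def parse_asa(text):
    """Collect the VPN objects the page's steps create; unrelated lines are ignored."""
    cfg = {"transform_sets": {}, "acls": {}, "tunnel_groups": {}, "map_entries": {},
           "map_interfaces": {}, "ikev1_interfaces": set()}
    tg = None  # tunnel-group whose ipsec-attributes block the indented lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"tunnel-group (\S+) type (\S+)", line):
            cfg["tunnel_groups"].setdefault(m.group(1), {})["type"] = m.group(2).lower()
        elif m := re.match(r"tunnel-group (\S+) ipsec-attributes", line):
            tg = m.group(1)
            cfg["tunnel_groups"].setdefault(tg, {})
        elif tg and line.startswith("ikev1 pre-shared-key "):
            cfg["tunnel_groups"][tg]["psk"] = line.split()[2]
        elif m := re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)", line):
            cfg["transform_sets"][m.group(1)] = tuple(m.group(2).split())
        elif m := re.match(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", line):
            cfg["acls"].setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := MAP_ENTRY.match(line):
            cfg["map_entries"].setdefault((m.group(1), m.group(2)), {})[m.group(3)] = m.group(4)
        elif m := re.match(r"crypto map (\S+) interface (\S+)", line):
            cfg["map_interfaces"][m.group(1)] = m.group(2)
        elif m := re.match(r"crypto (?:ikev1|isakmp) enable (\S+)", line):
            cfg["ikev1_interfaces"].add(m.group(1))
    return cfg

def check_side(name, cfg):
    """Checks inside one ASA: each crypto map entry must point at objects that exist."""
    out = []
    for (mapname, seq), e in cfg["map_entries"].items():
        where, peer = f"{name} crypto map {mapname} {seq}", e.get("set peer")
        tg = cfg["tunnel_groups"].get(peer, {})
        # IKEv1 looks the PSK up in the tunnel-group named after the peer address; any other name is unused
        if tg.get("type") != "ipsec-l2l" or not tg.get("psk"):
            out.append(f"{where}: needs 'tunnel-group {peer} type ipsec-l2l' with an ikev1 pre-shared-key")
        if e.get("match address") not in cfg["acls"]:
            out.append(f"{where}: crypto ACL {e.get('match address')} is not defined")
        if e.get("set ikev1 transform-set") not in cfg["transform_sets"]:
            out.append(f"{where}: transform-set {e.get('set ikev1 transform-set')} is not defined")
        if cfg["map_interfaces"].get(mapname) not in cfg["ikev1_interfaces"]:
            out.append(f"{where}: map is not on an interface with IKEv1 enabled")
    return out

def check_pair(cfg_a, cfg_b, names=("ASA1", "ASA2")):
    """Cross-peer checks, assuming one crypto map entry per side as on the page."""
    out = check_side(names[0], cfg_a) + check_side(names[1], cfg_b)
    a = next(iter(cfg_a["map_entries"].values()), {})
    b = next(iter(cfg_b["map_entries"].values()), {})
    if a.get("set peer") == b.get("set peer"):
        out.append("both sides set the same peer address: one config is a copy of the other")
    psk_a = cfg_a["tunnel_groups"].get(a.get("set peer"), {}).get("psk")
    psk_b = cfg_b["tunnel_groups"].get(b.get("set peer"), {}).get("psk")
    if psk_a and psk_b and psk_a != psk_b:
        out.append("pre-shared keys differ")
    ts_a = cfg_a["transform_sets"].get(a.get("set ikev1 transform-set"))
    ts_b = cfg_b["transform_sets"].get(b.get("set ikev1 transform-set"))
    if ts_a != ts_b:
        out.append("transform-set proposals differ")
    acl_a = cfg_a["acls"].get(a.get("match address"), [])
    acl_b = cfg_b["acls"].get(b.get("match address"), [])
    if sorted(acl_a) != sorted((d, dm, s, sm) for s, sm, d, dm in acl_b):
        out.append("crypto ACLs are not mirror images of each other")
    return out

def asa_cfg(peer, local_net, remote_net, tunnel_group=None):
    """Constructed sample in the page's shape; addresses, names and key are the page's own values."""
    tg = tunnel_group or peer
    return f"""
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
crypto ipsec ikev1 transform-set myset esp-aes esp-sha-hmac
access-list L2LACL extended permit ip {local_net} 255.255.255.0 {remote_net} 255.255.255.0
tunnel-group {tg} type ipsec-l2l
tunnel-group {tg} ipsec-attributes
 ikev1 pre-shared-key iprulers
crypto map mymap 1 match address L2LACL
crypto map mymap 1 set peer {peer}
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap 1 set security-association lifetime seconds 3600
crypto map mymap interface outside
crypto ikev1 enable outside
"""

ASA1_OK = asa_cfg("202.0.0.2", "192.168.1.0", "192.168.2.0")
ASA2_OK = asa_cfg("202.0.0.1", "192.168.2.0", "192.168.1.0")
# tunnel-group named after the local address instead of the peer (constructed error case)
ASA1_MISNAMED = asa_cfg("202.0.0.2", "192.168.1.0", "192.168.2.0", tunnel_group="202.0.0.1")

if __name__ == "__main__":
    print("corrected pair:", check_pair(parse_asa(ASA1_OK), parse_asa(ASA2_OK)) or ["OK"])
    print("ASA2 pasted as a copy of ASA1:", check_pair(parse_asa(ASA1_MISNAMED), parse_asa(ASA1_MISNAMED)))
```

The corrected pair produces no findings; the copied pair reports that neither side has a tunnel group named after its peer, that both sides point at the same peer, and that the crypto ACLs are not mirrored, which is exactly what the phase 1 and phase 2 failures in `show crypto isakmp sa` and `show crypto ipsec sa` would otherwise have to be traced back to by hand. The parser deliberately requires a space in `crypto map mymap 1 set ...`, so a line typed as `1set` is not matched and shows up as a missing reference.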
