General-attributes Enter the general-attributes sub command mode Also, notice that we must define the connection type (ipsec-l2l) before we can configure the pre-shared key.į1(config)# tunnel-group 172.16.2.2 type ipsec-l2l Since we're using pre-shred key authentication, we need to name our tunnel group as the IP address of the remote peer. We flip the addresses on F2 to match traffic heading the opposite direction:į2(config)# access-list LAN_Traffic extended permit ip 10.0.2.0 255.255.255.0 10.0.1.0 255.255.255.0 Step 4: Create a Tunnel GroupĪ tunnel group holds tunnel configuration parameters, namely the connection type and authentication method. In the real world, crypto map ACLs can be quite complex. This access list will be referenced by the crypto map we'll create in step five. Next we need to create an access list to match plain (unencrypted) traffic which should be encrypted and routed through the IPsec tunnel between the two LANs. Our transform set is named L2L.į1(config)# crypto ipsec transform-set L2L esp-aes-256 esp-sha-hmacį2(config)# crypto ipsec transform-set L2L esp-aes-256 esp-sha-hmac Step 3: Create an ACL to Match Traffic While it is possible to enable several options, both sides of our VPN will be configured to support only 256-bit AES and SHA-1. The finished configuration can be copied verbatim from F1 to F2:Īn IPsec transform set establishes the encryption and authentication (HMAC) methods to be employed by the IPsec SAs. For more background on IPsec fundamentals, see my IPsec quick and dirty article.įor simplicity, we'll use a static pre-shared key for ISAKMP authentication (which will be defined in step four).į1(config-isakmp-policy)# authentication pre-shareį1(config-isakmp-policy)# encryption aes-256 ISAKMP is used to establish the initial asymmetrically encrypted channels between the two endpoints so that they can securely negotiate a pair of one-way IPsec security associations (SAs).
#How to do 2 lan 2 wan asa 5505 cisco how to#
Here we'll see how to configure a simple L2L VPN as pictured in the below topology in a few simple steps. LAN-to-LAN VPNs are typically used to transparently connect geographically disparate LANs over an untrusted medium (e.g. Today we're going to look at LAN-to-LAN VPNs using the pair of ASA 5505s in the community lab.
0 kommentar(er)
