Documente Academic
Documente Profesional
Documente Cultură
using ASA?
Site-to-Site secure VPN tunnel using the ASA (Adaptive Security Appliances) enables an encrypted connection
between private networks over a public network such as the internet.
For example:
Authentication
Hash
Encryption
Group
For example:
Esp-des
Esp-md5-hmac
Esp-aes
Asp-sha-hmac
ASA-A(config)#crypto isakmp key office address 20.1.1.20 (Here Key is "office" and 20.1.1.20 is ASA - B
Address)
ASA-A(config)#access-list 100 permit ip host 20.1.1.10 host 20.1.1.20 (100 is access list number and 20.1.1.10
is source address and 20.1.1.20 is destination address.)
ASA-A(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac (Here encryption type is des and hashing
technique is md5-hmac)
ASA-A(config)# crypto map imap 10 match address 100 (apply the access list)
ASA-A(config)# crypto map imap 10 set transform-set ts2 (apply the transform set)
ASA-A(config)# crypto map imap 10 set peer 20.1.1.20 (Set remote peer address)
ASA-A(config)# crypto map imap interface outside (Apply crypto map on outside interface)
ASA-A(config)# crypto isakmp enable outside (To enable crypto isakmp on ASA)
Configuration of ASA on side B
ASA-B(config)#crypto isakmp key office address 20.1.1.10 (Here Key is "office" and 20.1.1.10 is ASA - A
Address)
ASA-B(config)#access-list 100 permit ip host 20.1.1.20 host 20.1.1.10 (100 is access list number and 20.1.1.20
is source address and 20.1.1.10 is destination address.)
ASA-B(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac (Here encryption type is des and hashing
technique is md5-hmac)
ASA-B(config)# crypto map imap 10 match address 100 (apply the access list)
ASA-B(config)# crypto map imap 10 set transform-set ts2 (apply the transform set)
ASA-B(config)# crypto map imap 10 set peer 20.1.1.10 (Set remote peer address)
ASA-B(config)# crypto map imap interface outside (Apply crypto map on outside interface)
ASA-B(config)# crypto isakmp enable outside (To enable crypto isakmp on ASA)