L2L VPN Tunnel

Unanswered Question
Nov 5th, 2008

Good day all,

As of now, the main office ASA5550 to branch office ASA5510 L2L VPN tunnel is working (both peers are public IPs). In addition to that I want to create another tunnel from branch office 1841 (whose IP address is private) to the main office ASA5550. Kindly advise me how to configure this in the ASA5550, without interrupting the first tunnel.

thanks & regards,


1841-configuration
-------------------

Building configuration...

Current configuration : 2638 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPNTest
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password cisco
!
no aaa new-model
ip cef
!
no ip dhcp use vrf connected
!
ip dhcp pool branch
 network 192.168.1.0 255.255.255.0
 dns-server 10.140.15.3 10.140.15.4
 default-router 192.168.1.1
!
ip dhcp-server 192.168.1.1
!
multilink bundle-name authenticated
chat-script rock "" "atdt*99#" TIMEOUT 180 "CONNECT"
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 12345 address 195.18.16.1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 195.18.16.1
 set peer 195.18.16.1
 set transform-set ESP-3DES-SHA
 match address 100
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/1/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 dialer-group 1
 async mode interactive
 ppp authentication chap optional
 crypto map SDM_CMAP_1
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer string rock
 dialer persistent delay initial 5
 dialer-group 1
 no peer default ip address
 ppp authentication chap optional
 ppp chap hostname yourname
 ppp chap password 0 xxx
 ppp ipcp dns request
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
access-list 1 remark SDM_ACL Category=16
access-list 1 permit any
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 193.188.163.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 193.188.163.0 0.0.0.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 1
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
control-plane
!
line con 0
 logging synchronous
line aux 0
line 0/1/0
 exec-timeout 0 0
 script dialer rock
 login
 modem InOut
 no exec
 speed 384000
line vty 0 4
 logging synchronous
 login
line vty 5 15
 logging synchronous
 login
!
scheduler allocate 20000 1000
!
webvpn cef
!
end


smahbub Tue, 11/11/2008 - 07:12

Two commands are used in order to allow the communication between the VPN networks and identify the traffic that should be tunneled or encrypted. This enables you to have access to the internet without having to send that traffic through the VPN tunnel. In order to configure these two options, issue the split-tunnel and same-security-traffic commands. Two tunnels can be configured between branch office and main office.


Look at the following URL for the steps required to add a new VPN tunnel or a remote access VPN to an L2L VPN configuration that already exists:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml
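As an added example (not part of the thread and not Cisco's configuration example), the following is one way to add the second tunnel on the ASA5550 side without disturbing the existing ASA5510 tunnel. Because the 1841's outside address is private and negotiated on Dialer1, the ASA cannot use a static peer entry for it; instead it accepts the 1841 through a dynamic crypto map entry appended to the crypto map that is already bound to the outside interface. Assumptions: the ASA outside interface is named "outside" and the inside interface "inside", the existing ASA5510 tunnel is a static entry at sequence 10 of a crypto map named "outside_map", the ASA outside address is 195.18.16.1 and the main office LAN is 193.188.163.0/24 (both taken from the 1841 configuration above), and the ASA runs pre-8.3 software, which matches the 2008 date of the thread. The map, ACL and dynamic-map names are made up for the example.

```cisco
! Added example for the ASA5550 (main office). Not from the thread.
! Assumed names: outside, inside, outside_map (seq 10 = existing ASA5510 entry),
! DYN_1841, NO_NAT.  Addresses 195.18.16.1 and 193.188.163.0/24 come from the
! 1841 configuration posted above.
!
! Phase 1 must match the 1841's "crypto isakmp policy 1": 3DES, pre-shared
! key, DH group 2 (the 1841 uses the IOS default hash, SHA, and default
! lifetime 86400).  Adding a second policy does not alter an existing one.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
! The 1841 sits behind NAT, so ESP must be carried in UDP/4500 (NAT-T).
crypto isakmp nat-traversal 20
!
! Same transform set the 1841 proposes in SDM_CMAP_1.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! A dynamic crypto map has no "set peer": any peer that authenticates with the
! correct key and proposes a matching transform set is accepted, and the
! protected networks are taken from the 1841's access-list 100 proxy IDs.
! Only the 1841 can initiate this tunnel; the ASA has no address to dial.
crypto dynamic-map DYN_1841 10 set transform-set ESP-3DES-SHA
!
! Append the dynamic entry under the EXISTING map name with the highest
! sequence number, so the static ASA5510 entry (assumed seq 10) keeps being
! evaluated first and its SAs are not touched.  The map is already applied to
! "outside", so there is no need to re-issue "crypto map outside_map interface".
crypto map outside_map 65535 ipsec-isakmp dynamic DYN_1841
!
! A dynamic L2L peer authenticating with a pre-shared key is matched to
! DefaultL2LGroup, so the key goes there.  It must equal the key in the 1841's
! "crypto isakmp key 12345 address 195.18.16.1"; replace the thread's test
! value "12345" with a long random key on both ends before going live.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key 12345
!
! NAT exemption (pre-8.3 syntax) so main-office-to-branch traffic is encrypted
! rather than translated.  If the ASA5510 tunnel already has a NAT-exempt ACL,
! add this ACE to that list instead of creating a second "nat (inside) 0".
access-list NO_NAT extended permit ip 193.188.163.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NO_NAT
```

Two checks are worth running after the 1841 brings the tunnel up. "show crypto isakmp sa" on the ASA should list both the ASA5510 peer and the 1841's current public (post-NAT) address, and "show crypto ipsec sa peer 195.18.16.1" on the 1841 should show a non-zero encrypt/decrypt counter for 192.168.1.0/24 to 193.188.163.0/24. Note that a pre-shared key in DefaultL2LGroup is used for every unknown peer, so this design relies entirely on that key's strength; the 1841's "no service password-encryption" also leaves "crypto isakmp key 12345" readable in any copy of its running configuration.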
