12-30-2008 05:51 AM
Hello,
I know how to configure site-to-site VPNs with ASAs and also know Static Routing tracking.
I would like to know how to configure the two ASAs in the attached schema.
12-31-2008 02:18 AM
interface Vlan1
nameif inside
security-level 100
ip address
no shutdown
!
interface Vlan2
nameif outside
security-level 0
ip address
no shutdown
!
! Backup Line Configuration
interface Vlan3
nameif backup
security-level 0
ip address
no shutdown
! Connect the primary Internet line to interface E0/0
interface Ethernet0/0
switchport access vlan 2
no shutdown
!
! This interface is for backup Internet line
interface Ethernet0/1
switchport access vlan 3
no shutdown
!
! Connect the primary Inside connection to interface E0/2
interface Ethernet0/2
switchport access vlan 1
no shutdown
!
management-access inside
!
! Default route to the provider redundant
route outside 0.0.0.0 0.0.0.0
route backup 0.0.0.0 0.0.0.0
! NAT Translation for Internet access
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
! NAT Exempt configuration
access-list NoNAT extended permit ip
nat (inside) 0 access-list NoNAT
!
! Specification on what to encrypt
access-list outside_100_cryptomap extended permit ip
access-list backup_100_cryptomap extended permit ip
!
crypto isakmp enable outside
crypto isakmp enable backup
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map outside_map 100 match address outside_100_cryptomap
crypto map outside_map 100 set connection-type answer-only
crypto map outside_map 100 set peer
crypto map outside_map 100 set pfs
crypto map outside_map 100 set transform-set ESP-3DES-SHA
crypto map outside_map 100 set security-association lifetime seconds 120
crypto map outside_map interface outside
!
!
crypto map backup_map 100 match address backup_100_cryptomap
crypto map backup_map 100 set connection-type answer-only
crypto map backup_map 100 set peer
crypto map backup_map 100 set pfs
crypto map backup_map 100 set transform-set ESP-3DES-SHA
crypto map backup_map 100 set security-association lifetime seconds 120
crypto map backup_map interface backup
!
tunnel-group
tunnel-group
pre-shared-key
! Backup link Redundancy
!
sla monitor 123
type echo protocol ipIcmpEcho
num-packets 3
frequency 300
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability
12-31-2008 02:18 AM
REMOTE END CONFIGURATION
!Access List defining the pool of remote network inside ip address range
!
access-list
!
access-list acl_nonat_server extended permit ip
!
!
!Crypto map for IPsec Tunnel
crypto map outside_map
crypto map outside_map
crypto map outside_map
crypto map outside_map
crypto map outside_map
crypto map outside_map
crypto map outside_map
tunnel-group
tunnel-group
pre-shared-key
tunnel-group
tunnel-group
pre-shared-key
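Added example, not part of the thread or the poster's configuration: a Python check of the failover chain the first reply sets up (sla monitor, schedule, track, tracked default route, and a crypto map bound on both uplinks). The function name `audit_failover`, the gateway addresses and the route metrics are assumptions; the sample config is constructed with RFC 5737 placeholder addresses.

```python
import re

# Constructed sample: the reply's tracking lines with placeholder RFC 5737
# gateways and metrics filled in (assumed values, not from the thread).
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
sla monitor 123
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 300
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
crypto isakmp enable outside
crypto isakmp enable backup
crypto map outside_map interface outside
crypto map backup_map interface backup
"""

def audit_failover(config):
    """Return findings about broken links in the dual-uplink failover chain."""
    text = "\n".join(line.strip() for line in config.splitlines())
    find = lambda pattern: re.findall(pattern, text, re.M)
    monitors = set(find(r"^sla monitor (\d+)$"))
    scheduled = set(find(r"^sla monitor schedule (\d+) "))
    tracks = dict(find(r"^track (\d+) rtr (\d+) reachability$"))
    # (interface, gateway, metric, track id); missing parts come back as ""
    routes = find(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$")
    tracked = [r for r in routes if r[3]]
    findings = []
    for track_id, sla_id in sorted(tracks.items()):
        if sla_id not in monitors:
            findings.append(f"track {track_id} points at undefined sla monitor {sla_id}")
        elif sla_id not in scheduled:
            findings.append(f"sla monitor {sla_id} is never scheduled")
    for ifc, _, _, track_id in tracked:
        if track_id not in tracks:
            findings.append(f"route on {ifc} uses undefined track {track_id}")
    if len(routes) > 1 and not tracked:
        findings.append("no default route carries a track id, so failover never triggers")
    best = min((int(r[2] or 1) for r in tracked), default=None)
    for ifc, _, metric, track_id in routes:
        if best is not None and not track_id and int(metric or 1) <= best:
            findings.append(f"untracked route on {ifc} needs a higher metric than {best}")
    isakmp = set(find(r"^crypto isakmp enable (\S+)$"))
    bound = set(find(r"^crypto map \S+ interface (\S+)$"))
    for ifc in sorted(isakmp - bound):
        findings.append(f"ISAKMP enabled on {ifc} but no crypto map is bound there")
    return findings
```

An empty list means every link in the chain resolves; each finding names the line that would keep the backup path or the backup tunnel from coming up.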