Site to Site VPN with ASAs and 2nd VPN backup

joan.porta
Level 1

Hello,

I know how to configure site-to-site VPNs with ASAs and I also know static route tracking.

I would like to know how to configure the two ASAs in the attached schema.

2 Replies

Pravin Phadte
Level 5

interface Vlan1
 nameif inside
 security-level 100
 ip address
 no shutdown
!
interface Vlan2
 nameif outside
 security-level 0
 ip address
 no shutdown
!
! Backup Line Configuration
interface Vlan3
 nameif backup
 security-level 0
 ip address
 no shutdown
! Connect the primary Internet line to interface E0/0
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
! This interface is for backup Internet line
interface Ethernet0/1
 switchport access vlan 3
 no shutdown
!
! Connect the primary Inside connection to interface E0/2
interface Ethernet0/2
 switchport access vlan 1
 no shutdown
!
management-access inside
!
! Default route to the provider redundant
route outside 0.0.0.0 0.0.0.0 1 track 1
route backup 0.0.0.0 0.0.0.0 254
! NAT Translation for Internet access
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
! NAT Exempt configuration
access-list NoNAT extended permit ip
nat (inside) 0 access-list NoNAT
!
! Specification on what to encrypt
access-list outside_100_cryptomap extended permit ip
access-list backup_100_cryptomap extended permit ip
!
crypto isakmp enable outside
crypto isakmp enable backup
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map outside_map 100 match address outside_100_cryptomap
crypto map outside_map 100 set connection-type answer-only
crypto map outside_map 100 set peer
crypto map outside_map 100 set pfs
crypto map outside_map 100 set transform-set ESP-3DES-SHA
crypto map outside_map 100 set security-association lifetime seconds 120
crypto map outside_map interface outside
!
!
crypto map backup_map 100 match address backup_100_cryptomap
crypto map backup_map 100 set connection-type answer-only
crypto map backup_map 100 set peer
crypto map backup_map 100 set pfs
crypto map backup_map 100 set transform-set ESP-3DES-SHA
crypto map backup_map 100 set security-association lifetime seconds 120
crypto map backup_map interface backup
!
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key
! Backup link Redundancy
!
sla monitor 123
 type echo protocol ipIcmpEcho interface outside
 num-packets 3
 frequency 300
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability

REMOTE END CONFIGURATION

! Access List defining the pool of remote network inside ip address range
!
access-list extended permit ip
!
access-list acl_nonat_server extended permit ip
!
!
! Crypto map for IPsec Tunnel
crypto map outside_map match address
crypto map outside_map set pfs
crypto map outside_map set connection-type originate-only
crypto map outside_map set peer
crypto map outside_map set transform-set ESP-3DES-SHA
crypto map outside_map set security-association lifetime seconds 120
crypto map outside_map set security-association lifetime kilobytes 4608000
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key
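
Added example, not part of the reply above: a small Python check that the failover chain in a config of this shape hangs together (tracked default route, track object, scheduled SLA monitor, a backup route with a worse metric, and IKE plus a crypto map on both uplinks). The sample config is constructed; its next-hop and probe addresses are assumed documentation ranges, since the posted config leaves those fields blank.

```python
import re

# Constructed sample (not the poster's values): next hops use documentation ranges.
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
crypto isakmp enable outside
crypto isakmp enable backup
crypto map outside_map interface outside
crypto map backup_map interface backup
sla monitor 123
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
"""

def audit_failover(config):
    """Return findings for the route -> track -> SLA -> crypto chain ([] = consistent)."""
    lines = [line.strip() for line in config.splitlines()]
    def find(pattern):
        return [m.groups() for m in (re.fullmatch(pattern, l) for l in lines) if m]
    routes = find(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+ (\d+)(?: track (\d+))?")
    tracks = dict(find(r"track (\d+) rtr (\d+) reachability"))
    monitors = {g[0] for g in find(r"sla monitor (\d+)")}
    scheduled = {g[0] for g in find(r"sla monitor schedule (\d+) .*")}
    ike = {g[0] for g in find(r"crypto isakmp enable (\S+)")}
    bound = {g[0] for g in find(r"crypto map \S+ interface (\S+)")}

    findings = []
    tracked = [r for r in routes if r[2]]
    if not tracked:
        findings.append("no tracked default route: failover never triggers")
    for ifc, _, track_id in tracked:
        sla = tracks.get(track_id)
        if sla is None:
            findings.append(f"{ifc}: track {track_id} is not defined")
        elif sla not in monitors:
            findings.append(f"{ifc}: sla monitor {sla} is not defined")
        elif sla not in scheduled:
            findings.append(f"{ifc}: sla monitor {sla} is never scheduled")
    primary = min((int(r[1]) for r in tracked), default=0)
    for ifc, metric, track_id in routes:
        if not track_id and int(metric) <= primary:
            findings.append(f"{ifc}: backup metric {metric} does not exceed {primary}")
        if ifc not in ike:
            findings.append(f"{ifc}: IKE not enabled on this path")
        if ifc not in bound:
            findings.append(f"{ifc}: no crypto map bound to this path")
    return findings
```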