
ASA L2L tunnel

saidfrh
Level 1

How do you 'tell' the ASAs to build an IPsec tunnel? How do you configure the above for "interesting traffic"? If we want the users on the remote site to click the Outlook icon to have access to the Exchange server at HQ via the L2L tunnel, how is this done?

1 Accepted Solution

Accepted Solutions

JORGE RODRIGUEZ
Level 10

Said,

I assume this is your first time building an L2L IPsec tunnel between two devices.

Building the tunnel is rather straightforward as long as you carefully follow a set of IPsec rules and policies that are required to coincide and agree at both ends of the tunnel termination.

I suggest looking at these two links; the first and second links are examples of a simple L2L VPN between two firewalls.

L2L ASA to ASA ipsec tunnels

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

The link below will help you understand the syntax used to build IPsec tunnels in general.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Once you have built the IPsec tunnel policy at both ends, as seen in the first link example provided, the interesting traffic is triggered by accessing the host/Outlook server in the HQ from the branch office, based on the access list configured on the tunnel policy. In other words, interesting traffic simply means the users in the branch office initiate some type of traffic, such as a ping or any type of traffic, towards the host/Outlook server in HQ to bring up the IPsec tunnel.

Regards

Jorge Rodriguez
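
As an added example (not part of the original post or of the linked Cisco documents): a small Python check that reads the crypto access list from each ASA's configuration, tests whether a given flow would count as interesting traffic, and reports entries that are not mirrored on the peer. The subnets, ACL names, crypto map name and the Exchange address 192.168.10.5 are constructed, and the parser assumes plain `permit ip <net> <mask> <net> <mask>` entries only.

```python
import ipaddress
import re

# Constructed sample configs: branch LAN 192.168.20.0/24, HQ LAN 192.168.10.0/24.
BRANCH_CFG = """
access-list L2L-TO-HQ extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L-TO-HQ
"""
HQ_CFG = """
access-list L2L-TO-BRANCH extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L-TO-BRANCH
"""
# Same HQ config with a wrong mask on the branch subnet (a typical mismatch).
HQ_CFG_BAD = HQ_CFG.replace("192.168.20.0 255.255.255.0",
                            "192.168.20.0 255.255.255.128")

ACE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)
MATCH = re.compile(r"^crypto map \S+ \d+ match address (\S+)$", re.M)

def crypto_aces(cfg):
    """Return (source_net, dest_net) pairs of ACLs referenced by a crypto map.
    Handles only network/mask entries, not 'host', 'any' or object groups."""
    used = set(MATCH.findall(cfg))
    return [(ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
            for name, s, sm, d, dm in ACE.findall(cfg) if name in used]

def is_interesting(cfg, src, dst):
    """True if a src->dst packet matches the crypto ACL and so triggers the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in crypto_aces(cfg))

def mismatches(local_cfg, peer_cfg):
    """Local entries with no exact mirror (source/destination swapped) on the peer."""
    peer = {(d, s) for s, d in crypto_aces(peer_cfg)}
    return [ace for ace in crypto_aces(local_cfg) if ace not in peer]

if __name__ == "__main__":
    # Branch user opening Outlook towards the Exchange server at HQ.
    print("Outlook flow interesting:",
          is_interesting(BRANCH_CFG, "192.168.20.25", "192.168.10.5"))
    # Branch user browsing the Internet: not in the crypto ACL, stays off the tunnel.
    print("Internet flow interesting:",
          is_interesting(BRANCH_CFG, "192.168.20.25", "198.51.100.7"))
    print("Unmirrored entries (good peer):", mismatches(BRANCH_CFG, HQ_CFG))
    print("Unmirrored entries (bad peer): ", mismatches(BRANCH_CFG, HQ_CFG_BAD))
```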


3 Replies 3

Thank you.

Said, you're welcome. Thanks for rating.

If there are any issues, drop us a note so we can assist.

Regards

Jorge Rodriguez