Cisco Support Community

ASA L2L tunnel

How do you 'tell' the ASAs to build an IPSEC tunnel? How do you configure the above for "interesting traffic"? If we want the users on the remote site to click the Outlook icon to have access to the Exchange server at HQ via L2L tunnel, how is this done?

1 ACCEPTED SOLUTION

Re: ASA L2L tunnel

Said,

I assume this is your first time in building a L2L ipsec tunnel between two devices.

Building the tunnel is rather straightforward as long as you carefully follow a set of IPsec rules and policies that are required to coincide and agree at both ends of the tunnel termination.

I suggest looking at these two links; the first and second links are examples of a simple L2L VPN between two firewalls.

L2L ASA to ASA ipsec tunnels

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

This link below will help you understand the syntax used to build IPsec tunnels in general.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Once you have built the IPsec tunnel policy at both ends, as seen in the first link example provided, the interesting traffic is triggered by accessing the host/Outlook server in the HQ from the branch office, based on the access list configured on the tunnel policy. In other words, interesting traffic simply means the users in the branch office initiate some type of traffic, such as a ping or any type of traffic, towards the host/Outlook server in HQ to bring up the IPsec tunnel.

Regards
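
The setup described in the answer above, as an added example that is not part of the original post or of the linked Cisco documents. It assumes ASA 8.0 to 8.2 IKEv1 syntax (8.3 and later changed the NAT and crypto keywords); all addresses, ACL names and map names are constructed, and the pre-shared key is a placeholder.

```cisco
! Branch ASA (constructed: branch LAN 10.2.2.0/24, outside IP 198.51.100.1)
! Crypto ACL = the "interesting traffic": branch LAN -> HQ LAN (Exchange server)
access-list L2L-TO-HQ extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
! Exempt the same flow from NAT so it still matches the crypto ACL
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
! Phase 1 (IKE) policy: the HQ ASA must have a matching policy
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! Phase 2 (IPsec) transform set: must match on the HQ ASA
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Tunnel policy: ties the crypto ACL, the peer and the transform set together
crypto map OUTSIDE-MAP 10 match address L2L-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 192.0.2.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
!
! HQ ASA (constructed: HQ LAN 10.1.1.0/24, outside IP 192.0.2.1)
! Same IKE policy, transform set and key; the ACLs are the mirror image
access-list L2L-TO-BRANCH extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE-MAP 10 match address L2L-TO-BRANCH
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
```

Once a branch user opens Outlook or pings a host in 10.1.1.0/24, `show crypto isakmp sa` and `show crypto ipsec sa` on either ASA show whether the tunnel came up.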

3 REPLIES

Community Member

Re: ASA L2L tunnel

Thank you.

Re: ASA L2L tunnel

Said, you're welcome.. thanks for rating..

if any issues drop us a note to assist.

Regards
