Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to Site VPN on ASA

Hi,

As I am trying to create site to site VPN.

The other side they have given me parameters.

Phase 2 parameter is esp-3des esp-sha-hmac.

SIM IP subnet is 10.85.170.0/23 and VPN gateway is 41.220.75.1

IKE Encryption (Phase 1): 3DES

IKE Hash (Phase 1): SHA1

IKE Diffie-Hellman Group: 2

IKE lifetime: (default 86400 seconds)

IPSEC Phase 2 Encryption: 3DES

IPSEC Phase 2 Hash: SHA1

As based on this parameters i have done configuration.

crypto ipsec transform-set xxxxx esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map IPSec_map 10 match address fasttrack

crypto map IPSec_map 10 set peer 41.220.75.1

crypto map IPSec_map 10 set transform-set xxxx

crypto map IPSec_map interface OUTSIDE

crypto isakmp enable OUTSIDE

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2sh

lifetime 86400

tunnel-group 41.220.75.1 type ipsec-l2l

tunnel-group 41.220.75.1 ipsec-attributes

pre-shared-key xxxxxx

access-list fasttrack extended permit ip 10.85.170.0 255.255.254.0 host 63.173.33.69

crypto isakmp enable OUTSIDE

Can any one can tell my configuration is correct.

thanks,

Everyone's tags (2)
2 REPLIES
New Member

Site to Site VPN on ASA

Hi Varun,

I am expecting you reply.

Thanks,

Red

Site to Site VPN on ASA

Hi Hemant,

The configuration is good, you can refer to this config example also:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
655
Views
0
Helpful
2
Replies