
Site-Site

  1. Define the Networks
        object-group network Remote_VPN
         network-object 10.10.10.0 255.255.255.0
         network-object 10.20.20.0 255.255.255.0
        object-group network Remote_Internal
         network-object 172.16.1.0 255.255.255.0
         network-object 172.16.2.0 255.255.255.0
         network-object 172.16.3.0 255.255.255.0
         network-object 172.16.4.0 255.255.255.0
         network-object 172.18.0.0 255.255.0.0
        object-group network Remote_Combined
         group-object Remote_VPN
         group-object Remote_Internal
    1. Create the Crypto Map ACL
    2. Create the No-Nat ACL (Networks/hosts to which the packets should not be changed)
    3. Apply the No-NAT
    4. Create a Transform set
    5. Create the Crypto Map
    6. Enable isakmp on interface
    7. Create isakmp policies
    8. Create policy for Tunnel-Group (Site-Site hosts)
    9. Apply Tunnel-Group and Attributes

    access-list outside_cryptomap_1 extended permit ip 172.32.100.0 255.255.255.0 object-group 4POINT_ACCESS
    access-list VPNNONAT extended permit ip 172.32.100.0 255.255.255.0 object-group 4POINT_ACCESS
    nat (inside) 0 access-list VPNNONAT
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map MELONGCryptoMaps 1 match address outside_cryptomap_1
    crypto map MELONGCryptoMaps 1 set peer 66.46.186.170
    crypto map MELONGCryptoMaps 1 set transform-set ESP-AES-256-SHA
    crypto map MELONGCryptoMaps interface outside
    crypto isakmp enable outside
    crypto isakmp policy 30
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 50
     authentication pre-share
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    group-policy Site2Site internal
    group-policy Site2Site attributes
     vpn-tunnel-protocol IPSec l2tp-ipsec
    tunnel-group 66.46.186.170 type ipsec-l2l
    tunnel-group 66.46.186.170 general-attributes
     default-group-policy Site2Site
    tunnel-group 66.46.186.170 ipsec-attributes
     pre-shared-key melongP@$$

    ...
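
The steps above only work when the names they hand to each other resolve: the crypto map must point at a defined ACL, transform set and tunnel-group peer, and traffic matched by the crypto ACL must also be exempted by the no-NAT ACL. The following is an added example, not part of the original page or of any Cisco tool: a small Python check over a saved configuration in the same command syntax, run here on a constructed sample with placeholder names and addresses. It compares ACL entries textually and does not compute subnet containment.

```python
import re

# Constructed sample (placeholder names/addresses); second crypto ACL entry is broken.
SAMPLE = """\
object-group network REMOTE_NETS
 network-object 10.10.10.0 255.255.255.0
access-list CRYPTO_1 extended permit ip 192.168.1.0 255.255.255.0 object-group REMOTE_NETS
access-list CRYPTO_1 extended permit ip 192.168.2.0 255.255.255.0 object-group PARTNER_NETS
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 object-group REMOTE_NETS
nat (inside) 0 access-list NONAT
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map VPNMAP 1 match address CRYPTO_1
crypto map VPNMAP 1 set peer 198.51.100.10
crypto map VPNMAP 1 set transform-set ESP-AES-256-SHA
tunnel-group 198.51.100.10 type ipsec-l2l
"""

def lint_site_to_site(config):
    """Return findings for references between the steps that do not resolve."""
    text = "\n".join(line.strip() for line in config.splitlines())
    def find(pattern):
        return re.findall(pattern, text, re.M)
    acls = {}
    for name, entry in find(r"^access-list (\S+) extended permit ip (.+)$"):
        acls.setdefault(name, []).append(entry)
    groups = set(find(r"^object-group network (\S+)"))
    tsets = set(find(r"^crypto ipsec transform-set (\S+)"))
    l2l_peers = set(find(r"^tunnel-group (\S+) type ipsec-l2l"))
    # Entries of every ACL applied with "nat (<if>) 0" are exempt from NAT.
    exempt = [e for n in find(r"^nat \(\S+\) 0 access-list (\S+)") for e in acls.get(n, [])]
    findings = []
    for acl in find(r"^crypto map \S+ \d+ match address (\S+)"):
        if acl not in acls:
            findings.append(f"crypto ACL {acl} is not defined")
        # Textual comparison only: the entry must appear verbatim in a no-NAT ACL.
        for entry in acls.get(acl, []):
            if entry not in exempt:
                findings.append(f"{acl}: '{entry}' is not in a no-NAT ACL")
    for peer in find(r"^crypto map \S+ \d+ set peer (\S+)"):
        if peer not in l2l_peers:
            findings.append(f"peer {peer} has no ipsec-l2l tunnel-group")
    for tset in find(r"^crypto map \S+ \d+ set transform-set (\S+)"):
        if tset not in tsets:
            findings.append(f"transform-set {tset} is not defined")
    used = {g for es in acls.values() for e in es for g in re.findall(r"object-group (\S+)", e)}
    findings += [f"object-group {g} is not defined" for g in sorted(used - groups)]
    return findings
```

Calling `lint_site_to_site(SAMPLE)` reports the crypto ACL entry that has no no-NAT counterpart and the object-group that is referenced but never defined.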