...
How to configure VPN
Site-Site
Define the Networks
object-group network Remote_VPN
 network-object 10.10.10.0 255.255.255.0
 network-object 10.20.20.0 255.255.255.0
object-group network Remote_Internal
 network-object 172.16.1.0 255.255.255.0
 network-object 172.16.2.0 255.255.255.0
 network-object 172.16.3.0 255.255.255.0
 network-object 172.16.4.0 255.255.255.0
 network-object 172.18.0.0 255.255.0.0
object-group network Remote_Combined
 group-object Remote_VPN
 group-object Remote_Internal
- Create the crypto map ACL (the "interesting traffic": local subnet to the remote networks). Note that the ACL below references object-group 4POINT_ACCESS, which is not one of the groups defined above; whichever group holds the remote networks must exist before the ACL is entered, or the line is rejected
- Create the no-NAT ACL (traffic that must not be translated). It should cover exactly the same traffic as the crypto map ACL, otherwise packets are NATed before the crypto map matches them and never enter the tunnel
- Apply the no-NAT exemption (nat (inside) 0 access-list ... is the pre-8.3 NAT syntax)
- Create a transform set (the phase 2 / IPsec SA proposal)
- Create the crypto map (match ACL, peer address, transform set) and bind it to the outside interface
- Enable ISAKMP on the outside interface
- Create ISAKMP policies (phase 1). Lower policy numbers are offered first; the two below let the peer choose AES-128 (policy 30) or AES-256 (policy 50). DH group 2 (1024-bit MODP) is considered too weak today; use the largest group both peers support
- Create the group policy for the tunnel group (site-to-site hosts)
- Create the tunnel group for the peer, apply the group policy and set the pre-shared key. Use a long random key and treat the configuration as a secret: show running-config masks the key, but more system:running-config prints it in the clear
access-list outside_cryptomap_1 extended permit ip 172.32.100.0 255.255.255.0 object-group 4POINT_ACCESS
access-list VPNNONAT extended permit ip 172.32.100.0 255.255.255.0 object-group 4POINT_ACCESS
nat (inside) 0 access-list VPNNONAT
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map MELONGCryptoMaps 1 match address outside_cryptomap_1
crypto map MELONGCryptoMaps 1 set peer 66.46.186.170
crypto map MELONGCryptoMaps 1 set transform-set ESP-AES-256-SHA
crypto map MELONGCryptoMaps interface outside
crypto isakmp enable outside
crypto isakmp policy 30
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
group-policy Site2Site internal
group-policy Site2Site attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group 66.46.186.170 type ipsec-l2l
tunnel-group 66.46.186.170 general-attributes
 default-group-policy Site2Site
tunnel-group 66.46.186.170 ipsec-attributes
 pre-shared-key melongP@$$
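Before pasting a configuration like the one above onto an ASA it is worth checking it for the mistakes that most often leave a tunnel down or weaker than intended. The script below is an added example, not part of the original page and not a Cisco tool: it parses the pre-8.3 syntax used above (sub-mode lines indented by one space, as show running-config prints them) and flags object-groups that are referenced but never defined, a crypto map ACL that differs from the no-NAT ACL, ISAKMP policies on small DH groups, crypto map peers with no ipsec-l2l tunnel-group, and short pre-shared keys. The embedded sample is constructed from the page's own config; the thresholds WEAK_DH_GROUPS and MIN_PSK_LEN are this example's choices, not ASA defaults.

```python
"""Sanity checker for an ASA site-to-site crypto config excerpt (added example,
not from the original page). Understands only the handful of pre-8.3 commands
the page uses; it is not a general ASA config parser."""
import re
from collections import defaultdict

# Constructed sample built from the page's config. 4POINT_ACCESS is referenced
# but never defined, exactly as in the excerpt above.
SAMPLE_CONFIG = """\
object-group network Remote_VPN
 network-object 10.10.10.0 255.255.255.0
 network-object 10.20.20.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip 172.32.100.0 255.255.255.0 object-group 4POINT_ACCESS
access-list VPNNONAT extended permit ip 172.32.100.0 255.255.255.0 object-group 4POINT_ACCESS
nat (inside) 0 access-list VPNNONAT
crypto map MELONGCryptoMaps 1 match address outside_cryptomap_1
crypto map MELONGCryptoMaps 1 set peer 66.46.186.170
crypto isakmp policy 30
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
tunnel-group 66.46.186.170 type ipsec-l2l
tunnel-group 66.46.186.170 ipsec-attributes
 pre-shared-key melongP@$$
"""

WEAK_DH_GROUPS = {"1", "2", "5"}   # 768-, 1024- and 1536-bit MODP (example threshold)
MIN_PSK_LEN = 20                   # example threshold for a random pre-shared key


def parse(config):
    """Pull the pieces the checks need out of raw config text."""
    st = {"defined": set(), "referenced": defaultdict(set), "acls": defaultdict(list),
          "crypto_acls": set(), "nonat_acls": set(), "peers": set(),
          "policies": {}, "tunnel_groups": set(), "psks": {}}
    policy = tg = None                     # current sub-mode context
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):
            policy = tg = None             # an unindented line ends the sub-mode
        if m := re.match(r"object-group network (\S+)$", line):
            st["defined"].add(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit ip (.+)$", line):
            st["acls"][m.group(1)].append(m.group(2))
            for ref in re.findall(r"object-group (\S+)", m.group(2)):
                st["referenced"][ref].add(m.group(1))
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)$", line):
            st["nonat_acls"].add(m.group(1))
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)$", line):
            st["crypto_acls"].add(m.group(1))
        elif m := re.match(r"crypto map \S+ \d+ set peer (\S+)$", line):
            st["peers"].add(m.group(1))
        elif m := re.match(r"crypto isakmp policy (\d+)$", line):
            policy = m.group(1)
            st["policies"][policy] = {}
        elif policy and (m := re.match(r"(authentication|encryption|hash|group|lifetime) (\S+)$", line)):
            st["policies"][policy][m.group(1)] = m.group(2)
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l$", line):
            st["tunnel_groups"].add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) ipsec-attributes$", line):
            tg = m.group(1)
        elif tg and (m := re.match(r"pre-shared-key (\S+)$", line)):
            st["psks"][tg] = m.group(1)
    return st


def check(config):
    """Return a list of findings; an empty list means the excerpt passed."""
    st = parse(config)
    out = []
    for name, acls in sorted(st["referenced"].items()):
        if name not in st["defined"]:
            out.append(f"object-group {name} used by {', '.join(sorted(acls))} is never defined")
    # The crypto ACL and the no-NAT ACL must cover the same traffic: a subnet
    # missing from the no-NAT ACL is translated before the crypto map sees it,
    # one missing from the crypto ACL leaves unencrypted via the default route.
    for acl in sorted(st["crypto_acls"]):
        for nonat in sorted(st["nonat_acls"]):
            if set(st["acls"][acl]) != set(st["acls"][nonat]):
                out.append(f"crypto ACL {acl} and no-NAT ACL {nonat} do not cover the same traffic")
    for num, attrs in sorted(st["policies"].items(), key=lambda kv: int(kv[0])):
        if attrs.get("group") in WEAK_DH_GROUPS:
            out.append(f"isakmp policy {num}: DH group {attrs['group']} is too small")
    for peer in sorted(st["peers"] - st["tunnel_groups"]):
        out.append(f"crypto map peer {peer} has no ipsec-l2l tunnel-group, phase 1 cannot complete")
    for tg, psk in sorted(st["psks"].items()):
        if len(psk) < MIN_PSK_LEN:
            out.append(f"tunnel-group {tg}: pre-shared key is only {len(psk)} characters")
    return out


if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run against the sample it reports the undefined 4POINT_ACCESS group, the DH group 2 policy and the 10-character key; once those three are corrected (the remote group defined, group 14 or higher, a long random key) it returns no findings. The checker compares ACL entries textually, so the two ACLs must be written with the same objects and masks, which is also the simplest way to keep them in sync by hand.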
...