Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1067
Views
0
Helpful
2
Replies

Site to Site VPN on ASA

hemant.yadav
Level 1
Level 1

‎05-25-2012 04:57 AM - edited ‎02-21-2020 04:39 AM

Hi,

As I am trying to create site to site VPN.

The other side they have given me parameters.

Phase 2 parameter is esp-3des esp-sha-hmac.

SIM IP subnet is 10.85.170.0/23 and VPN gateway is 41.220.75.1

IKE Encryption (Phase 1): 3DES

IKE Hash (Phase 1): SHA1

IKE Diffie-Hellman Group: 2

IKE lifetime: (default 86400 seconds)

IPSEC Phase 2 Encryption: 3DES

IPSEC Phase 2 Hash: SHA1

As based on this parameters i have done configuration.

crypto ipsec transform-set xxxxx esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map IPSec_map 10 match address fasttrack

crypto map IPSec_map 10 set peer 41.220.75.1

crypto map IPSec_map 10 set transform-set xxxx

crypto map IPSec_map interface OUTSIDE

crypto isakmp enable OUTSIDE

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2sh

lifetime 86400

tunnel-group 41.220.75.1 type ipsec-l2l

tunnel-group 41.220.75.1 ipsec-attributes

pre-shared-key xxxxxx

access-list fasttrack extended permit ip 10.85.170.0 255.255.254.0 host 63.173.33.69

crypto isakmp enable OUTSIDE

Can any one can tell my configuration is correct.

thanks,

0 Helpful
2 Replies 2

hemant.yadav
Level 1
Level 1

‎05-25-2012 05:29 AM

Hi Varun,

I am expecting you reply.

Thanks,

0 Helpful

varrao
Level 10
Level 10
In response to hemant.yadav

‎05-25-2012 05:51 AM

Hi Hemant,

The configuration is good, you can refer to this config example also:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card