01-31-2019 10:16 AM
!
crypto ikev2 proposal IKEv2-PROPOSAL
 encryption aes-cbc-256
 integrity sha512
 group 15
!
crypto ikev2 policy IKEv2-POLICY
 match fvrf any
 proposal IKEv2-PROPOSAL
!
crypto ikev2 keyring IKEv2-KEYRING
 peer TO-CENT
  address 172.16.33.130
  identity fqdn cent-ops-ie-01.domain.com
  pre-shared-key cisco123
 !
 peer TO-HPNX
  address 172.16.10.130
  identity fqdn hpnx-ops-ie-01.domain.com
  pre-shared-key cisco123
 !
!
crypto ikev2 profile IKEv2-PROFILE-CENT
 match identity remote fqdn domain domain.com
 identity local fqdn cacc-ops-ie-01.domain.com
 authentication local pre-share
 authentication remote pre-share
 keyring local IKEv2-KEYRING
!
crypto ikev2 profile IKEv2-PROFILE-HPNX
 match identity remote fqdn domain domain.com
 identity local fqdn cacc-ops-ie-01.domain.com
 authentication local pre-share
 authentication remote pre-share
 keyring local IKEv2-KEYRING
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha512-hmac
 mode tunnel
!
crypto ipsec profile TUNNEL-PROFILE-CENT
 set transform-set MYSET
 set ikev2-profile IKEv2-PROFILE-CENT
!
crypto ipsec profile TUNNEL-PROFILE-HPNX
 set transform-set MYSET
 set ikev2-profile IKEv2-PROFILE-HPNX
!
interface Tunnel108
 description <== Datacenter Connection to HPNX ==>
 ip address 10.254.1.33 255.255.255.252
 ip ospf authentication key-chain OSPF-KEY-CHAIN
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 172.16.10.130
 tunnel protection ipsec profile TUNNEL-PROFILE-HPNX
!
interface Tunnel109
 description <== Datacenter Connection to CENT ==>
 ip address 10.254.1.37 255.255.255.252
 ip ospf authentication key-chain OSPF-KEY-CHAIN
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 172.16.33.130
 tunnel protection ipsec profile TUNNEL-PROFILE-CENT
!
01-31-2019 10:23 AM
01-31-2019 11:05 AM
To add to what RJI said, you need ASA version 9.8 in order to run/config the VTI to consolidate your configuration.