05-22-2018 07:49 AM - edited 03-12-2019 05:18 AM
We have received a form from a third party; they want us to configure a VPN connection with their system.
Their VPN details:
1. Technical Information
Name / FQDN: VPN Concentrator
IP Address (GW): *.*.*.*
VPN Device Description: Cisco ASA 5555
VPN Device Version: Version 9.2(4)
Encryption Domain (e.g. *.*.*.*/24): *.*.*.*/*.*.*.*
2. Tunnel Properties
PHASE 1
Authentication Method: Pre-Shared Key
Encryption Scheme: IKE
Diffie-Hellman Group: Group 2
Encryption Algorithm: ESP-AES-256
Hashing Algorithm: SHA-1
Main or Aggressive Mode: Main Mode
Lifetime (for renegotiation): 86400 seconds
PHASE 2
Encapsulation (ESP or AH): ESP
Encryption Algorithm: AES-256
Authentication Algorithm: SHA-1
Perfect Forward Secrecy: NO PFS
Lifetime (for renegotiation): 3600 seconds
Lifesize in KB (for renegotiation): Not used
Key Exchange For Subnets?: Yes
We have deployed a CSR 1000V on AWS with the assistance of Yang's YouTube video tutorials. The third party is asking for an encryption domain, which confuses me. I am a programmer with a background in networking (I did it in university). Can somebody assist me on how to achieve this connection? I will add more details if needed. If you have more resources, please help me.
05-22-2018 08:10 AM
Hi,
When they say "encryption domain" they are probably asking which source IP addresses you are sending traffic from and where to.
I assume you've configured a crypto map on your CSR1000v? In which case you would define an ACL. In this example 10.1.0.0 and 10.1.1.0 are your networks and 192.168.0.0 is the third party's network.
ip access-list extended ENCRYPTION_DOMAIN
permit ip 10.1.0.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.0.255
You'd then reference that ACL called ENCRYPTION_DOMAIN in the crypto map you've probably already created.
crypto map VPN 10 ipsec-isakmp
match address ENCRYPTION_DOMAIN
Post your full config if you need further assistance.
HTH
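The answer above shows the ACL and crypto-map lines by hand. The script below is an added example (not the poster's configuration or Cisco's) that takes the values from a form like the one in the question and generates the matching IOS-XE IKEv1 crypto-map configuration, including the encryption-domain ACL with the wildcard masks IOS expects (a common mistake is pasting a subnet mask such as 255.255.255.0 where the ACL needs 0.0.0.255). It also flags the weaker parameters on the form so you can raise them with the third party before the tunnel goes live. All addresses, the peer IP, the pre-shared key and the outside interface name (GigabitEthernet1) are placeholders, not values from the thread.

```python
import ipaddress

# Constructed sample input, modelled on the form quoted in the question.
# Addresses are documentation/private ranges; none of these are the poster's real values.
FORM = {
    "local_subnets": ["10.1.0.0/24", "10.1.1.0/24"],  # our side of the encryption domain
    "remote_subnets": ["192.168.0.0/255.255.255.0"],   # their side, in the netmask form the form uses
    "peer": "203.0.113.10",                            # placeholder gateway IP (TEST-NET-3)
    "psk": "REPLACE_WITH_PSK",                         # placeholder; never commit a real key
    "p1_encr": "AES-256", "p1_hash": "SHA-1", "p1_dh": "Group 2", "p1_lifetime": 86400,
    "p2_encr": "AES-256", "p2_hash": "SHA-1", "p2_pfs": None, "p2_lifetime": 3600,
}

# Form wording -> IOS keyword. Only the values a form like this is likely to carry.
ENCR = {"AES-128": "aes", "AES-192": "aes 192", "AES-256": "aes 256"}
HASH = {"SHA-1": "sha", "SHA-256": "sha256"}
ESP_ENCR = {"AES-128": "esp-aes", "AES-192": "esp-aes 192", "AES-256": "esp-aes 256"}
ESP_HASH = {"SHA-1": "esp-sha-hmac", "SHA-256": "esp-sha256-hmac"}


def wildcard(network: str):
    """Return (network address, wildcard mask) for an IOS extended ACL.

    Accepts '10.1.0.0/24' or '10.1.0.0/255.255.255.0'; a host bit set in the
    address (e.g. '10.1.0.5/24') is normalised to the network address.
    """
    net = ipaddress.ip_network(network, strict=False)
    return str(net.network_address), str(net.hostmask)


def encryption_domain_acl(name, local, remote):
    """Build the crypto ACL: one permit line per local/remote subnet pair."""
    lines = [f"ip access-list extended {name}"]
    for l in local:
        la, lw = wildcard(l)
        for r in remote:
            ra, rw = wildcard(r)
            lines.append(f" permit ip {la} {lw} {ra} {rw}")
    return lines


def ikev1_crypto_map_config(f, acl_name="ENCRYPTION_DOMAIN", map_name="VPN",
                            seq=10, outside_if="GigabitEthernet1"):
    """Emit IOS-XE IKEv1 policy, PSK, transform set, crypto ACL and crypto map."""
    dh = int(f["p1_dh"].split()[-1])          # "Group 2" -> 2
    ts_name = f"TS-{f['p2_encr']}"
    cfg = [
        f"crypto isakmp policy {seq}",
        f" encr {ENCR[f['p1_encr']]}",
        f" hash {HASH[f['p1_hash']]}",
        " authentication pre-share",
        f" group {dh}",
        f" lifetime {f['p1_lifetime']}",
        f"crypto isakmp key {f['psk']} address {f['peer']}",
        f"crypto ipsec transform-set {ts_name} {ESP_ENCR[f['p2_encr']]} {ESP_HASH[f['p2_hash']]}",
        " mode tunnel",
        f"crypto ipsec security-association lifetime seconds {f['p2_lifetime']}",
        *encryption_domain_acl(acl_name, f["local_subnets"], f["remote_subnets"]),
        f"crypto map {map_name} {seq} ipsec-isakmp",
        f" set peer {f['peer']}",
        f" set transform-set {ts_name}",
    ]
    if f["p2_pfs"]:                            # "Group 2" -> "set pfs group2"; omitted for NO PFS
        cfg.append(f" set pfs group{int(f['p2_pfs'].split()[-1])}")
    cfg.append(f" match address {acl_name}")
    cfg += [f"interface {outside_if}", f" crypto map {map_name}"]
    return cfg


def weak_parameters(f):
    """Points worth pushing back on before accepting the third party's proposal."""
    findings = []
    if int(f["p1_dh"].split()[-1]) < 14:
        findings.append("Phase 1 DH group below 14 (group 2 is 1024-bit MODP)")
    if "SHA-1" in (f["p1_hash"], f["p2_hash"]):
        findings.append("SHA-1 HMAC; SHA-256 is available on both ASA 9.2 and IOS-XE")
    if not f["p2_pfs"]:
        findings.append("no PFS: Phase 2 keys derive from the Phase 1 secret, so compromising it exposes them all")
    return findings


if __name__ == "__main__":
    print("\n".join(ikev1_crypto_map_config(FORM)))
    for finding in weak_parameters(FORM):
        print("! review:", finding)
```

The generated ACL must be the mirror image of the third party's: every local/remote pair you permit here has to appear on their ASA with source and destination swapped, or Phase 2 will fail with a proxy-ID mismatch. Treat the `weak_parameters` output as negotiation points rather than blockers; the form values are what the other side proposed, and the script generates exactly those so the tunnel comes up, but DH group 14 or higher, SHA-256 and PFS are all supported by the ASA version on the form.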