We currently have a VPN set up for our users when they are on the road or working from home using Cisco AnyConnect. We have the VPN set up on our ASA 5508 Firewall.
I now have a client that we send data to that needs us to set up a VPN for the connection. I was wondering if there was anyone out there that would be able to help me create the VPN (IKEv1 or IKEv2) and fill out this VPN questionnaire. Thank you in advance!!
Did you actually want the command syntax or just complete the bits in yellow that are missing?
Here is the IKEv2 information, including the missing yellow bits you could use:
Pre-Shared Key: Make this up yourself
DH Group: 19
IKEv2 IPSec Proposal
I would like help with setting up the VPN in ASDM, as I have never really done the VPN setup part. I want to make sure not to do anything that would conflict with our current employee VPN.
Ok. Take a backup before you make the configuration changes.
It shouldn't conflict, you can run both in parallel.
Use this guide here if you are going to configure the Site-to-Site VPN using ASDM, when prompted select the encryption, integrity etc values as specified above.
Any problems, please upload the configuration.
Yes, that makes sense. I know my internal network to use for Local Network, how do I know the internal network of the peer? They gave me their Peer address which I used at the beginning of the wizard and then also gave me two Host addresses. Thanks again for your help, I appreciate it!!
How do I add 2 addresses to the Remote Network field?
I ended up creating a new Network Object that had an IP range for the two addresses. Does that sound right?
It would probably be better to define 2 objects, then add those network objects to a network object group.
This would probably mirror what the peer has configured, rather than a range.
Okay, so I created the two addresses as two separate Network Objects, then made a Network Object Group and added the two new Network Objects. Now, I am on to the Security step, I think I need to do the IKE version 2 and add a Pre-shared Key.
Yes. Referring back to the initial post, the missing yellow bits will need to be confirmed with the peer, as they will need to match exactly. The Pre-shared key will also need to match.
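
The setup discussed in this thread (two peer hosts as separate objects in one object group, IKEv2 with DH group 19 and a pre-shared key), written as ASA CLI. This is an added example, not configuration posted by any participant. All object, ACL, proposal and crypto map names, the interface names, the addresses (RFC 5737 documentation ranges) and the encryption, integrity, PRF and lifetime values are assumptions to be replaced with what the peer confirms.

```cisco
! Constructed example values; nothing here comes from the thread except
! "IKEv2", "DH group 19" and the use of a pre-shared key.
object network LOCAL-NET
 subnet 192.0.2.0 255.255.255.0
object network PEER-HOST-1
 host 198.51.100.10
object network PEER-HOST-2
 host 198.51.100.20
! Two host objects in a group, rather than one range, so that the
! traffic selectors mirror what the peer has defined.
object-group network PEER-HOSTS
 network-object object PEER-HOST-1
 network-object object PEER-HOST-2
!
! Interesting traffic: must be the exact mirror of the peer's ACL.
access-list S2S-CLIENT extended permit ip object LOCAL-NET object-group PEER-HOSTS
!
! IKEv2 (phase 1) policy. Every value must match the peer exactly.
! Assumes IKEv2 is already enabled on the outside interface.
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 19
 prf sha256
 lifetime seconds 86400
!
! IPsec (phase 2) proposal, also to be matched with the peer.
crypto ipsec ikev2 ipsec-proposal S2S-PROPOSAL
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! 203.0.113.1 stands in for the peer address supplied by the client.
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <PSK-AGREED-WITH-PEER>
 ikev2 local-authentication pre-shared-key <PSK-AGREED-WITH-PEER>
!
! An interface can carry only one crypto map. If one is already applied
! to "outside", add a new sequence number to that map instead of
! creating OUTSIDE-MAP and re-applying it.
crypto map OUTSIDE-MAP 10 match address S2S-CLIENT
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal S2S-PROPOSAL
crypto map OUTSIDE-MAP interface outside
!
! Identity NAT so tunnel traffic is not translated (only needed if
! LOCAL-NET is otherwise NATed on the way out).
nat (inside,outside) source static LOCAL-NET LOCAL-NET destination static PEER-HOSTS PEER-HOSTS no-proxy-arp route-lookup
```

Once traffic matching the ACL is sent, `show crypto ikev2 sa` and `show crypto ipsec sa peer 203.0.113.1` show whether both phases negotiated; a mismatch in any of the values above typically shows up as the IKEv2 SA never being established.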