Saturday, 28 November 2015

Cisco ASA - VPN Config Template

When I want to configure a site-to-site VPN on a Cisco ASA, I use the following script. Maybe it is useful to others, so I decided to share it. The following content is an example; you need to alter the values to match your own environment.

access-list outside_1_cryptomap remark VPN Description
access-list outside_1_cryptomap extended permit ip x.x.x.x 255.255.255.0 y.y.y.y 255.255.0.0
!
access-list vpnfilter-name extended permit ip any4 any4
!
crypto ikev1 policy xx
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
!
!
group-policy grpol-s2s-xxxx internal
group-policy grpol-s2s-xxxx attributes
vpn-idle-timeout none
vpn-filter value vpnfilter-name
vpn-tunnel-protocol ikev1
!
tunnel-group p.p.p.p type ipsec-l2l
tunnel-group p.p.p.p general-attributes
default-group-policy grpol-s2s-xxxx
tunnel-group p.p.p.p ipsec-attributes
ikev1 pre-shared-key vpn-secret
!
crypto map outside_map n match address outside_1_cryptomap
crypto map outside_map n set pfs group5
crypto map outside_map n set peer p.p.p.p
crypto map outside_map n set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map n set security-association lifetime seconds xxxxx
crypto map outside_map n set nat-t-disable
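
A pre-deployment check for a filled-in copy of the template above, as an added example that is not part of the original post: it reports placeholders left unreplaced (including the literal `vpn-secret` key) and flags the template's DH group, hash, transform-set and permit-all filter ACL for review. The function name, rule list and sample config are constructed for illustration.

```python
import re

# Placeholder tokens the template expects you to replace.
PLACEHOLDER = re.compile(r"\b(?:[xyp]\.[xyp]\.[xyp]\.[xyp]|x{2,}|vpn-secret)\b")

# (pattern, finding) pairs for template settings that deserve a second look.
RULES = [
    (re.compile(r"^crypto map \S+ n "), "crypto map sequence number still 'n'"),
    (re.compile(r"^group 2$"), "IKE DH group 2 is 1024-bit MODP"),
    (re.compile(r"^hash sha$"), "IKE hash 'sha' is SHA-1"),
    (re.compile(r"set pfs group[25]$"), "PFS group below 2048-bit MODP"),
    (re.compile(r"transform-set \S*3DES"), "transform-set name indicates 3DES"),
    (re.compile(r"permit ip any4 any4$"), "ACL permits all IPv4 traffic"),
]

def audit(config: str):
    """Return (line_number, finding) tuples for a filled-in copy of the template."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, '!' separators and free-text ACL remarks.
        if not line or line.startswith("!") or " remark " in line:
            continue
        m = PLACEHOLDER.search(line)
        if m:
            findings.append((no, f"unreplaced placeholder '{m.group(0)}'"))
        findings.extend((no, msg) for rx, msg in RULES if rx.search(line))
    return findings

# Constructed sample: a partly filled-in copy using documentation addresses.
SAMPLE = """\
access-list outside_1_cryptomap extended permit ip 10.1.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list vpnfilter-name extended permit ip any4 any4
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key vpn-secret
crypto map outside_map 20 set pfs group5
crypto map outside_map 20 set peer p.p.p.p
crypto map outside_map 20 set ikev1 transform-set ESP-3DES-SHA
"""

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```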