ASA Configuration
ASAv2 Configuration (Abridged)
asa2# show run
:
ASA Version 9.12(3)
!
hostname asa2
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif labout
 security-level 100
 ip address 192.168.107.10 255.255.255.0
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
access-list VPN10 extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
!
route outside 192.168.20.0 255.255.255.0 172.16.1.2 1
!
crypto ipsec ikev2 ipsec-proposal IPSEC-PRO
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto ipsec security-association pmtu-aging infinite
crypto map 10-20 10 match address VPN10
crypto map 10-20 10 set peer 172.16.1.2
crypto map 10-20 10 set ikev2 ipsec-proposal IPSEC-PRO
crypto map 10-20 interface outside
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
!
tunnel-group 172.16.1.2 type ipsec-l2l
tunnel-group 172.16.1.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
: end
ASAv3 Configuration (Abridged)
asa3# sh run
: Saved
ASA Version 9.12(3)
!
hostname asa3
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 172.16.1.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
access-list VPN20 extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
!
route outside 192.168.10.0 255.255.255.0 172.16.1.1 1
!
crypto ipsec ikev2 ipsec-proposal IPSEC-PRO
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto ipsec security-association pmtu-aging infinite
crypto map 20-10 10 match address VPN20
crypto map 20-10 10 set peer 172.16.1.1
crypto map 20-10 10 set ikev2 ipsec-proposal IPSEC-PRO
crypto map 20-10 interface outside
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
!
tunnel-group 172.16.1.1 type ipsec-l2l
tunnel-group 172.16.1.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
: end
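Added example (not part of the original post): a Python check that the two configurations above mirror each other where a site-to-site tunnel needs them to, covering the peer address, tunnel-group name, crypto ACL and IKEv2 policy. The excerpts are constructed from the configs above, with sub-commands indented one space as show run prints them; parse and mismatches are hypothetical helper names, and only the first match of each item is compared.

```python
import re

# Constructed excerpts of the two configs above (VPN-relevant lines only).
ASA2 = """interface GigabitEthernet0/0
 nameif outside
 ip address 172.16.1.1 255.255.255.0
access-list VPN10 extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map 10-20 10 match address VPN10
crypto map 10-20 10 set peer 172.16.1.2
crypto ikev2 policy 10
 encryption aes-256
 group 14
tunnel-group 172.16.1.2 type ipsec-l2l
"""
ASA3 = """interface GigabitEthernet0/0
 nameif outside
 ip address 172.16.1.2 255.255.255.0
access-list VPN20 extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map 20-10 10 match address VPN20
crypto map 20-10 10 set peer 172.16.1.1
crypto ikev2 policy 10
 encryption aes-256
 group 14
tunnel-group 172.16.1.1 type ipsec-l2l
"""

def parse(cfg):
    """Extract the fields that must agree between the peers (first match of each)."""
    f = lambda pat: re.search(pat, cfg, re.M).groups()
    acl, = f(r"^crypto map \S+ \d+ match address (\S+)")
    return {
        "outside": f(r"^ nameif outside\n(?: .*\n)*? ip address (\S+)")[0],
        "peer": f(r"^crypto map \S+ \d+ set peer (\S+)")[0],
        "tg": f(r"^tunnel-group (\S+) type ipsec-l2l")[0],
        "acl": f(rf"^access-list {re.escape(acl)} extended permit ip (\S+ \S+) (\S+ \S+)"),
        "ike": f(r"^crypto ikev2 policy \d+\n((?: .*\n)+)")[0],
    }

def mismatches(cfg_a, cfg_b):
    """List the ways two site-to-site configs disagree; empty means they mirror."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for name, x, y in (("a", a, b), ("b", b, a)):
        if not (x["peer"] == x["tg"] == y["outside"]):
            out.append(f"{name}: peer {x['peer']} and tunnel-group {x['tg']} must both be {y['outside']}")
    if a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    if a["ike"] != b["ike"]:
        out.append("IKEv2 policy differs")
    return out
```

mismatches(ASA2, ASA3) returns an empty list for the pair as posted; each entry it returns otherwise names one side-to-side disagreement to fix before debugging the tunnel itself.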