| KB | 0000072 | |
| Dated | 09/11/09 | |
| Revision | 0.02 | |
| Problem | ||
| Below is a walkthrough for setting up one end of a site to site VPN Tunnel using a Cisco ASA appliance - Via the ASDM console. Though if (Like me) you prefer using the Command Line Interface I've put the commands at the end. | ||
| Solution | ||
 |
1. Open up the ADSM console. > Click Wizards > VPN Wizard. |
 |
2. Select “Site-to-Site VPN” > Next. |
 |
3. Enter the Peer IP address (IP of the other end of the VPN tunnel - I've blurred it out to protect the innocent) > Select “Pre Shared Key” and enter the key (this needs to be identical to the key at the other end. > Give the tunnel group a name or accept the default entry of its IP address. > Next. |
 |
4. Choose the encryption protocol (DES, 3DES, AES-128, AES-192, or AES256), choose the Authentication Method (SHA or MD5), and choose the Diffie Hellman Group (1, 2, 5 or 7). Note the other end must match, this establishes phase 1 of the tunnel. > Next. |
 |
5. Now select the Encryption Protocols (DES, 3DES, AES-128, AES-192, or AES256), choose the Authentication method (SHA, MD5 or None). Note this is for phase 2 and will protect the encrypted traffic “In Flight”. > Next. |
 |
6. Now you need to specify what traffic to encrypt, on the left hand side enter the network or host details (of what’s behind the ASA you are working on), and on the right hand side the IP address of the network or host that’s behind the other VPN endpoint. Note the other end should be a mirror image. > Next. |
 |
7. Review the Settings (Note I've blurred the IP address out again) > Next. |
 |
8. Back at the ASDM console commit the settings to the ASA memory, Click File > “Save Running Configuration to Flash.” |
Do the same thing from command line |
|
access-list outside_20_cryptomap extended permit ip 10.254.254.0 255.255.255.0 10.1.0.0 255.255.0.0 |
|
