Cisco ASA IPSEC side2side vpn配置

Steps:

1)   Define a same IKE policy in both sides.

labpix(config)# isakmp policy 1 authentication pre-share
labpix(config-isakmp-policy)# authentication pre-share
labpix(config-isakmp-policy)# encryption des
labpix(config-isakmp-policy)# hash md5
labpix(config-isakmp-policy)# group 1

2)   Enable IKE on outside interface.

labpix(config)# isakmp enable outside
labpix(config)# isakmp identity address

3)   Setup IKE group for remote peer,
match your pre-share key in both side.

labpix(config)# isakmp key ******* address 122.225.x.x
4)   Config ASA permit IPSec traffic through it

labpix(config)# sysopt connection permit-vpn

5)   Define a same transform-set in both side.

labpix(config)# crypto ipsec transform-set Test esp-3des esp-sha-hmac

6)   Define ××× interesting traffic.

access-list pix2asa permit ip 192.168.200.0 255.255.255.0
192.168.1.0 255.255.255.0

7)   Create a no NAT Access-list and apply it to Inside interface.

access-list nonat permit ip 192.168.200.0 255.255.255.0
192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat

 

8)   Create a Crypto Map and apply it to Outside interface.

labpix(config)#crypto map Outside_map 15 match address pix2asa
labpix(config)#crypto map Outside_map 15 set peer 122.225.x.x

labpix(config)#crypto map Outside_map 15 set transform-set Test
labpix(config)#crypto map Outside_map interface outside
9)    Check the Security Association

labpix(config)# show isakmp sa
     Active SA: 1
         Rekey SA: 0 (A tunnel will report 1 Active and
1 Rekey SA during rekey)

Total IKE SA: 1

1   IKE Peer: 122.225.x.x
      Type    : L2L             Role    : initiator
      Rekey   : no              State   : MM_ACTIVE
10)    Check the ××× tunnel connection.

C:\Documents and Settings\justin.zhang>ping 192.168.200.15

Pinging 192.168.200.15 with 32 bytes of data:

Reply from 192.168.200.15: bytes=32 time=235ms TTL=126
Reply from 192.168.200.15: bytes=32 time=238ms TTL=126
Reply from 192.168.200.15: bytes=32 time=233ms TTL=126
Reply from 192.168.200.15: bytes=32 time=239ms TTL=126

Ping statistics for 192.168.200.15:
       Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
      Minimum = 233ms, Maximum = 239ms, Average = 236ms