SEC0023 - L2L IPSec IKEv1 with Pre-Shared Key on Router and ASA
Category:
Security
The video walks you through configuring a site-to-site (L2L) IPSec VPN tunnel between a Cisco router and an ASA firewall. This is probably the simplest form of L2L IPSec, using a 'crypto map' and a crypto ACL to match interesting traffic. You will see that you can apply the same configuration thought process to both the router and the ASA, with the ASA differing slightly in its use of Tunnel-group and Group-policy. We will also look at how to restrict traffic over the tunnel using an access-list (ACL).
Notes:
- Make sure the crypto ACLs on each side are reversed replicas (mirror images) of each other
- The crypto ACL should contain only the allowed IP subnets, not a protocol or port
- If you need to restrict the VPN traffic down to protocol/port, use a separate ACL and apply it to the crypto map/Group-policy.
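
The first two notes can be checked offline before the tunnel is brought up. The script below is an added example, not part of the lab document: it parses a router crypto ACL (wildcard masks) and an ASA crypto ACL (netmasks), flags any entry that matches on something other than `ip`, and reports entries with no mirror on the peer. The ACL name and subnets are constructed, and it assumes plain subnet, `host` or `any` entries with no object-groups.

```python
import ipaddress

def _take_net(tok, wildcard):
    """Consume one address spec from tok; return (network, remaining tokens)."""
    if tok[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    mask = ipaddress.ip_address(tok[1])
    if wildcard:  # IOS wildcard mask -> netmask by inverting the bits
        mask = ipaddress.ip_address(int(mask) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}"), tok[2:]

def _pairs(name, text, wildcard, findings):
    """Collect (src, dst) networks from the permit lines of one side's crypto ACL."""
    pairs = set()
    for line in text.splitlines():
        tok = line.split()
        if "permit" not in tok:
            continue
        tok = tok[tok.index("permit") + 1:]
        if tok[0] != "ip":  # crypto ACL should carry subnets only, no protocol or port
            findings.append(f"{name}: protocol/port in crypto ACL: {line.strip()}")
            continue
        src, tok = _take_net(tok[1:], wildcard)
        dst, tok = _take_net(tok, wildcard)
        pairs.add((src, dst))
    return pairs

def check_crypto_acls(router_acl, asa_acl):
    """Return a list of findings; an empty list means the ACLs mirror each other."""
    findings = []
    router = _pairs("router", router_acl, True, findings)
    asa = _pairs("asa", asa_acl, False, findings)
    for src, dst in sorted(router - {(d, s) for s, d in asa}):
        findings.append(f"router: {src} -> {dst} has no mirror entry on asa")
    for src, dst in sorted(asa - {(d, s) for s, d in router}):
        findings.append(f"asa: {src} -> {dst} has no mirror entry on router")
    return findings

# Constructed sample ACLs (not from the lab document).
ROUTER_ACL = """ip access-list extended CRYPTO-ACL
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 permit ip 10.1.2.0 0.0.0.255 10.2.2.0 0.0.0.255"""
ASA_ACL = """access-list CRYPTO-ACL extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list CRYPTO-ACL extended permit tcp 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 443"""

if __name__ == "__main__":
    print("\n".join(check_crypto_acls(ROUTER_ACL, ASA_ACL)))
```

Only `permit` lines are compared; `deny` entries in a crypto ACL are ignored by this check.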
Topics include
- L2L IPSec VPN between Router and ASA
- Restricting VPN Traffic with Per-Tunnel ACL