View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0023 - L2L IPSec IKEv1 with Pre-Shared Key on Router and ASA

Average: 4.7 (3 votes)
Difficulty Level: 
Lab Document: 
<Please login to see the content>

The video walks you through configuring site-to-site (L2L) IPSec VPN tunnel between Cisco router and ASA firewall. This is probably the simplest form of L2L IPSec using 'crypto map' and crypto ACL to match interesting traffic. You will see that you can apply the same configuration thought process to both router and ASA, while ASA having slight variation on the use of Tunnel-group and Group-policy. We will also look at how to restrict traffic over the tunnel using an access-list (ACL). 

  • Make sure the crypto ACLs are reversed replica on each side
  • Crypto ACL should only contain the allowed IP subnets and not protocol or port
  • Use ACL and apply it to the crypto map/Group-policy if you need to restrict the VPN traffic down to protocol/port.
Topic includes
  • L2L IPSec VPN between Router and ASA
  • Restricting VPN Traffic with Per-Tunnel ACL

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.