ipsec vpn tunnel…


before any interesting traffic crosses, there is no security association: an IPsec site-to-site tunnel is negotiated on demand, so the SA tables on both ASAs are empty until something matches the crypto ACL…


host1 pings host2; notice the delay on the first ping (it may even time out) while the ASAs negotiate phase 1 and phase 2, after which the remaining pings go straight through the tunnel
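
The checks a practitioner runs on asa1 around that first ping, added here as a note rather than taken from the original page. Before the ping both SA tables are empty; after the first echo-reply comes back there is one IKE SA (state MM_ACTIVE for main mode) and an IPsec SA pair whose encaps/decaps counters grow with every ping. The peer address is asa2's outside address, which the page does not give:

```text
! on asa1, before host1 pings: both commands show no SAs
show crypto isakmp sa
show crypto ipsec sa

! while the first ping is in flight, watch phase 1 and phase 2 negotiate
debug crypto isakmp 127
debug crypto ipsec 127
! (undebug all when done; these debugs are noisy on a busy box)

! after the ping: one IKE SA (MM_ACTIVE) and an IPsec SA for
! inside-net <-> remote-net whose #pkts encaps / #pkts decaps climb
! with each echo / echo-reply
show crypto isakmp sa
show crypto ipsec sa peer <asa2-outside-address>
show vpn-sessiondb l2l
```

If the IKE SA never leaves a negotiating state, the phase 1 policy or the pre-shared key does not match; if phase 1 completes but no IPsec SA appears, look at the crypto ACLs, the PFS setting and the NAT exemption on both ends.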


asa1 is the initiator: it saw the interesting traffic first, so it sends the first ISAKMP main mode message…


asa2 is the responder…


the capture (UDP/500 between the two outside addresses: six main mode messages for phase 1, then three quick mode messages for phase 2, then ESP)…
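
How to read that capture programmatically, as an added example that is not code from the original page: the decoder below parses the 28-byte ISAKMP header of each UDP/500 datagram, spots the initiator by the all-zero responder cookie in the very first message, and counts the main mode and quick mode messages to confirm a complete negotiation. The packet bytes are constructed by hand to mimic the exchange the page describes; the names asa1/asa2 and the cookie values are assumptions, not values from the page's capture.

```python
"""Decode ISAKMP (IKEv1) headers from an IKE capture and identify initiator/responder.

Added example, not from the original page: the sample capture below is constructed
by hand to mimic a main mode (6 msgs) + quick mode (3 msgs) negotiation. The names
asa1/asa2 and the cookie values are assumptions standing in for real addresses.
"""
import struct

# ISAKMP header, RFC 2408 s.3.1: initiator cookie, responder cookie, next payload,
# version, exchange type, flags, message id, total length (28 bytes, network order).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
IKEV1 = 0x10  # major version 1, minor 0

EXCH_MAIN, EXCH_AGGRESSIVE, EXCH_INFO, EXCH_QUICK, EXCH_V2_SA_INIT = 2, 4, 5, 32, 34
EXCHANGE_NAMES = {1: "base", EXCH_MAIN: "main mode", 3: "auth only",
                  EXCH_AGGRESSIVE: "aggressive mode", EXCH_INFO: "informational",
                  EXCH_QUICK: "quick mode", 33: "new group mode",
                  EXCH_V2_SA_INIT: "IKEv2 IKE_SA_INIT", 35: "IKEv2 IKE_AUTH"}
PAYLOAD_NAMES = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 11: "N"}
FLAG_ENCRYPTED = 0x01


def decode_isakmp(data: bytes) -> dict:
    """Parse one UDP/500 datagram's ISAKMP header into a dict of fields."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("datagram shorter than an ISAKMP header")
    icky, rcky, nxt, ver, exch, flags, msg_id, length = ISAKMP_HDR.unpack_from(data)
    if length != len(data):
        raise ValueError(f"length field {length} does not match datagram {len(data)}")
    return {
        "initiator_cookie": icky.hex(),
        "responder_cookie": rcky.hex(),
        # Only the first message of a negotiation carries an all-zero responder
        # cookie: that is how you spot the initiator in a capture.
        "first_message": rcky == bytes(8),
        "version": f"{ver >> 4}.{ver & 0xF}",
        "exchange_type": exch,
        "exchange": EXCHANGE_NAMES.get(exch, f"unknown({exch})"),
        "next_payload": PAYLOAD_NAMES.get(nxt, str(nxt)),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "message_id": msg_id,  # 0 for phase 1, non-zero per quick mode negotiation
    }


def build_isakmp(icky, rcky, nxt, exch, flags, msg_id, body=b"\x00" * 8) -> bytes:
    """Assemble a datagram with a correct length field (used to build the sample capture)."""
    return ISAKMP_HDR.pack(icky, rcky, nxt, IKEV1, exch, flags, msg_id,
                           ISAKMP_HDR.size + len(body)) + body


def find_initiator(capture):
    """Return (initiator, responder) from the first phase-1 message, else None."""
    for src, dst, data in capture:
        h = decode_isakmp(data)
        if h["first_message"] and h["exchange_type"] in (EXCH_MAIN, EXCH_AGGRESSIVE, EXCH_V2_SA_INIT):
            return src, dst
    return None


def exchange_counts(capture) -> dict:
    """Count datagrams per exchange type, e.g. {'main mode': 6, 'quick mode': 3}."""
    counts = {}
    for _, _, data in capture:
        name = decode_isakmp(data)["exchange"]
        counts[name] = counts.get(name, 0) + 1
    return counts


def tunnel_negotiated(capture) -> bool:
    """True when the capture holds a complete phase 1 (6 main mode or 3 aggressive
    mode messages) followed by a complete phase 2 (3 quick mode messages)."""
    c = exchange_counts(capture)
    phase1 = c.get("main mode", 0) >= 6 or c.get("aggressive mode", 0) >= 3
    return phase1 and c.get("quick mode", 0) >= 3


# Constructed sample capture: asa1 initiates main mode, then quick mode.
IC = bytes.fromhex("a1a1a1a1a1a1a1a1")   # asa1's cookie (made up)
RC = bytes.fromhex("b2b2b2b2b2b2b2b2")   # asa2's cookie (made up)
ZERO = bytes(8)
SA, KE, ID, HASH = 1, 4, 5, 8
CAPTURE = [
    ("asa1", "asa2", build_isakmp(IC, ZERO, SA, EXCH_MAIN, 0, 0)),                # MM1: proposals
    ("asa2", "asa1", build_isakmp(IC, RC, SA, EXCH_MAIN, 0, 0)),                  # MM2: chosen proposal
    ("asa1", "asa2", build_isakmp(IC, RC, KE, EXCH_MAIN, 0, 0)),                  # MM3: DH value + nonce
    ("asa2", "asa1", build_isakmp(IC, RC, KE, EXCH_MAIN, 0, 0)),                  # MM4
    ("asa1", "asa2", build_isakmp(IC, RC, ID, EXCH_MAIN, FLAG_ENCRYPTED, 0)),     # MM5: identity, encrypted
    ("asa2", "asa1", build_isakmp(IC, RC, ID, EXCH_MAIN, FLAG_ENCRYPTED, 0)),     # MM6
    ("asa1", "asa2", build_isakmp(IC, RC, HASH, EXCH_QUICK, FLAG_ENCRYPTED, 0x1a2b3c4d)),  # QM1
    ("asa2", "asa1", build_isakmp(IC, RC, HASH, EXCH_QUICK, FLAG_ENCRYPTED, 0x1a2b3c4d)),  # QM2
    ("asa1", "asa2", build_isakmp(IC, RC, HASH, EXCH_QUICK, FLAG_ENCRYPTED, 0x1a2b3c4d)),  # QM3
]

if __name__ == "__main__":
    print("initiator/responder:", find_initiator(CAPTURE))
    print("exchanges:", exchange_counts(CAPTURE))
    print("tunnel negotiated:", tunnel_negotiated(CAPTURE))
```

Two things worth noticing when you point this at a real capture: a site-to-site tunnel with a static peer and a pre-shared key should show exchange type 2 (main mode), where the identities in messages 5 and 6 are already encrypted; if you see exchange type 4 (aggressive mode) instead, the PSK-derived hash travels in the clear and can be attacked offline.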


the config (asa1 side)… reverse as needed on the other end: asa2 uses the same isakmp policy, transform set and pre-shared key, with inside-net and remote-net swapped in the crypto ACL and NAT line, and asa1's outside address as the peer…

!asa1 vpn commands (ASA 8.3-era syntax: "crypto isakmp ..." plus twice NAT; on 8.4
!and later the same lines are entered as "crypto ikev1 ..." and the crypto map
!uses "set ikev1 transform-set")

!enable isakmp (IKEv1) on the interface that faces the peer

crypto isakmp enable outside

!interesting traffic: whatever matches this ACL gets encrypted to the peer. the
!network objects inside-net and remote-net must already be defined (not shown
!here); asa2's ACL is the mirror image, remote-net to inside-net

access-list outside-crypto permit ip object inside-net object remote-net

!tunnel group, named after the peer's outside address. PEER-IP is a placeholder
!for asa2's outside address, which is omitted here. "cisco" is a lab key only;
!use a long random pre-shared key (or certificates) anywhere real, and it must be
!identical on both ends. the keepalive line is DPD: probe after 10s idle, retry every 2s

tunnel-group PEER-IP type ipsec-l2l
tunnel-group PEER-IP ipsec-attributes
 pre-shared-key cisco
 isakmp keepalive threshold 10 retry 2

!phase 1 (ISAKMP SA / key exchange): this policy must match one on the peer.
!3des and DH group 2 are what this lab uses but are weak by current standards;
!prefer aes-256 and group 14 or higher where both ends support it

crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encrypt 3des
crypto isakmp policy 10 hash sha
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 3600

!phase 2 (IPsec SA / tunnel setup). pfs must be configured the same on both ends,
!and group1 here is weaker than the phase 1 group 2: if you enable pfs, use at
!least the phase 1 group. same caveat as above for esp-3des (prefer esp-aes-256)

crypto ipsec transform-set TS esp-3des esp-sha-hmac
crypto map CMAP 1 match address outside-crypto
crypto map CMAP 1 set pfs group1
crypto map CMAP 1 set peer PEER-IP
crypto map CMAP 1 set transform-set TS

crypto map CMAP interface outside

!NAT exemption (identity twice NAT): inside-net to remote-net keeps its real
!addresses so the packets still match the crypto ACL instead of being translated
!away. sequence 1 puts it ahead of any dynamic PAT rule for inside; appending
!no-proxy-arp route-lookup to the line stops the ASA proxy-ARPing for remote-net
!on the inside interface

nat (inside,outside) 1 source static inside-net inside-net destination static remote-net remote-net